## https://sploitus.com/exploit?id=689AD700-25FB-5E12-8727-B72694C9005D
# CVE-2023-6972 Proof of Concept (PoC)
## Description
This repository contains a Proof of Concept (PoC) exploit for **CVE-2023-6972**.
The vulnerability allows for Unauthenticated Arbitrary File Deletion (AFD) in the WordPress Backup Migration Plugin.

**Note:** A comprehensive technical breakdown, full case study, and root cause analysis of this exploit is available at https://medium.com/@phantom_hat/cve-2023-6972-wordpress-backup-migration-1-3-9-arbitrary-file-deletion-case-study-ccea1c5f8c4e
## Vulnerability Details
- **CVE ID:** CVE-2023-6972
- **NVD Link:** [https://nvd.nist.gov/vuln/detail/CVE-2023-6972](https://nvd.nist.gov/vuln/detail/CVE-2023-6972)
## Disclaimer
**For Educational and Authorized Security Testing Purposes Only.**
This script is provided "as is" and the author holds no responsibility for any misuse or damage caused by its use. Always obtain explicit, written permission from the system owner before conducting any security testing.
## Prerequisites
- Python 3.x
- `requests` library
- `rich` library (for the CLI interface)
Install the required dependencies:
```bash
pip install -r requirements.txt
```
## Usage
The exploit script (`exploit.py`) provides a CLI interface with two distinct modes:
### 1. Check Mode
Validates if the target URL is vulnerable to CVE-2023-6972 without firing the exploit.
```bash
python3 exploit.py check -u <url>
```
**Example:**
```bash
python3 exploit.py check -u http://example.com
```
### 2. Exploit Mode
Executes the vulnerability payload against the target URL.
```bash
python3 exploit.py exploit -u <url> -f <file-path> -n <file-name>
```
**Options:**
- `-u` / `--url`: The target URL.
- `-f` / `--file-path`: The directory path that contains the file to delete.
- `-n` / `--file-name`: The name of the file to delete.
**Example:**
```bash
python3 exploit.py exploit -u http://127.0.0.1 -f /tmp -n delete-me.txt
```
### Verbose Mode
You can add the `-v` or `--verbose` flag to either command to enable detailed, formatted logging and output.
```bash
python3 exploit.py exploit -u http://127.0.0.1 -f /tmp -n delete-me.txt --verbose
```