## https://sploitus.com/exploit?id=WPEX-ID:F27D753E-861A-4D8D-9B9A-6C99A8A7EBE0
Find the URL of the actual installer script in the html returned by this endpoint: http://example.com/wp-content/backups-dup-lite/dup-installer/main.installer.php?is_daws=1
By changing the last part of the URL from '_installer.php' to '_archive.zip' the full backup is available.
As a bonus, by changing the last part of the URL from '_installer.php' to '.log', some information about the system is revealed.