WordPress Updraft 0.6.1 Backup Disclosure

CVE: CVE-2021-24554
Category: CWE-200
Price: $500
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2023-06-07
CVSS: CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023060008

Below is a copy:

WordPress Updraft 0.6.1 Backup Disclosure
====================================================================================================================================
| # Title     : WordPress - updraft 0.6.1 Backup Disclosure Vulnerability                                                          |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0.2(64-bit)                                           |
| # Vendor    : https://fr.wordpress.org/plugins/updraft/                                                                          |  
| # Dork      : "index of /wp-content/updraft/"                                                                                    |
====================================================================================================================================

P0C :

[+] WordPress - updraft 0.6.1 appears to leave backups in a world-accessible directory under the document root.

[+] Dorking in Google or another search engine.

[+] Use payload : "/wp-content/updraft/"

[+] https://127.0.0.1/programmerinjamamcom/test/wp-content/updraft/


Greetings to :=========================================================================================================================
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg                      |
=======================================================================================================================================
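
For site owners, a local audit of the directory named in the advisory. This is an added example, not code from the advisory or from the plugin; the backup extensions, the function names and the sample file are assumptions, and the .htaccess check is only meaningful on Apache with overrides enabled.

```python
import os
import re
import tempfile

# Assumption: the advisory names no file formats; these are common backup extensions.
BACKUP_EXT = (".zip", ".sql", ".gz", ".tar", ".bz2")
INDEX_FILES = {"index.php", "index.html", "index.htm"}
# Apache 2.4 / 2.2 directives that refuse every request for the directory.
DENY_RE = re.compile(r"^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$", re.I | re.M)


def audit_updraft(docroot):
    """Inspect <docroot>/wp-content/updraft on the local filesystem."""
    target = os.path.join(docroot, "wp-content", "updraft")
    report = {"present": os.path.isdir(target), "backups": [],
              "deny_rule": False, "index_file": False}
    if not report["present"]:
        return report
    names = sorted(os.listdir(target))
    report["backups"] = [n for n in names if n.lower().endswith(BACKUP_EXT)]
    # Without an index file, a server with auto-indexing on lists the directory.
    report["index_file"] = any(n.lower() in INDEX_FILES for n in names)
    htaccess = os.path.join(target, ".htaccess")
    if os.path.isfile(htaccess):
        with open(htaccess, encoding="utf-8", errors="replace") as fh:
            report["deny_rule"] = bool(DENY_RE.search(fh.read()))
    return report


def is_exposed(report):
    """True when backups sit under the web root and no deny rule covers them."""
    return bool(report["backups"]) and not report["deny_rule"]


def make_sample_tree(root, hardened):
    """Constructed sample data: one fake backup, optionally with a deny rule."""
    target = os.path.join(root, "wp-content", "updraft")
    os.makedirs(target)
    with open(os.path.join(target, "backup_sample_db.gz"), "w") as fh:
        fh.write("constructed placeholder, not a real backup\n")
    if hardened:
        with open(os.path.join(target, ".htaccess"), "w") as fh:
            fh.write("# block web access\nRequire all denied\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        make_sample_tree(root, hardened=False)
        print(audit_updraft(root), is_exposed(audit_updraft(root)))
```

A deny rule is a stopgap; storing backups outside the document root removes the exposure regardless of web server configuration.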
