Full Disclosure

Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin

November 25, 2014 007admin Leave a comment

Posted by Larry W. Cashdollar on Nov 26

#!/bin/bash
#Larry W. Cashdollar, @_larry0
#Will brute force and search a WordPress target site with WP-DB-Backup v2.2.4 plugin installed for any backups done on
#20141031 assumes the wordpress database is wordpress and the table prefix is wp_
#http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-db-backup-v2.2.4/
#http://thehackerblog.com/auditing-wp-db-backup-wordpress-plugin-why-using-the-database-password-for-entropy-is-a-bad-idea/
#run…

Leave a Reply Cancel reply

You must be logged in to post a comment.

Software and Security Information