CVE-2023-5504 || BackWPup || Directory Traversal Vulnerability in WordPress Plugin

Raj Upadhyay
1 min read · Nov 25, 2023

Let’s see how to use a Python script to detect whether a website running the “BackWPup” plugin might be vulnerable to Directory Traversal.

Description
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server.

Affected versions:

BackWPup <= 4.0.1

Installation:

1. Clone the repo

git clone https://github.com/IRB0T/CVE-Scan.git

2. Navigate to the “CVE-2023-5504-Scan” directory

cd CVE-2023-5504-Scan

3. Install the dependencies with pip. Depending on your local python3 setup, the required commands will be either:

pip install -r requirements.txt
OR 
pip3 install -r requirements.txt

4. Open CMD and run the command below, replacing the URL with that of your target (e.g. python CVE-2023-5504-Scan.py YOUR_URL)

python CVE-2023-5504-Scan.py http://192.168.0.2
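
As an added example (not part of the CVE-Scan repository or the original post), an administrator with file access to their own site can compare the installed plugin version against the affected range given above. It assumes the version is declared on a "Stable tag:" line in the plugin's readme.txt or a "Version:" line in the main plugin file header; the sample readme text and the function names are constructed for illustration.

```python
import re

# Last affected release, per the "Affected versions" line on this page.
LAST_AFFECTED = (4, 0, 1)

# Matches "Stable tag: 4.0.0" (readme.txt) or " * Version: 4.0.0" (plugin header).
_VERSION_LINE = re.compile(
    r"^[ \t/*#@]*(?:Stable tag|Version):[ \t]*([0-9]+(?:\.[0-9]+)*)",
    re.IGNORECASE | re.MULTILINE,
)

# Constructed sample of a readme.txt header, not copied from the real plugin.
SAMPLE_README = """=== BackWPup ===
Requires at least: 3.9
Tested up to: 6.3
Stable tag: 4.0.0
"""


def parse_version(text):
    """Return the first declared version as a tuple of ints, or None."""
    match = _VERSION_LINE.search(text)
    if match is None:
        return None  # e.g. "Stable tag: trunk" carries no number
    return tuple(int(part) for part in match.group(1).split("."))


def _pad(version, length):
    """Right-pad with zeros so 4.0 and 4.0.0 compare as equal."""
    return version + (0,) * (length - len(version))


def assess(text):
    """Classify as 'affected', 'outside affected range' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    width = max(len(version), len(LAST_AFFECTED))
    if _pad(version, width) <= _pad(LAST_AFFECTED, width):
        return "affected"
    return "outside affected range"


if __name__ == "__main__":
    print(assess(SAMPLE_README))
```

An "unknown" result means the version has to be confirmed another way; it does not mean the install is unaffected.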

Reference:

1. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/backwpup/backwpup-401-authenticated-administrator-directory-traversal
2. https://wordpress.org/plugins/backwpup/#developers
