CVE-2023-6266 || Backup Migration — vulnerable to unauthorized access of data.

Raj Upadhyay
Dec 4, 2023

Let’s see how to use a Python script to detect whether a website using the “Backup Migration” plugin might be vulnerable to Unauthenticated Arbitrary File Download.

Description

The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to download back-up files which can contain sensitive information such as user passwords, PII, database credentials, and much more.

Affected versions:

Backup Migration <= 1.3.6
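
A local, version-based check that a site owner can run against their own WordPress tree, using the affected range above. This is an added example, not code from the CVE-Scan repository; the default `wp-content/plugins` layout and reading the version from the plugin's PHP header comment are assumptions.

```python
import re
from pathlib import Path

PLUGIN_SLUG = "backup-backup"      # slug taken from the wordpress.org reference URL
LAST_AFFECTED = (1, 3, 6)          # "all versions up to, and including, 1.3.6"
# WordPress reads plugin metadata from a "Version:" line in a PHP header comment.
VERSION_HEADER = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9A-Za-z.\-]*)", re.M)


def parse_version(text):
    """Turn '1.3.6' into (1, 3, 6); suffixes such as '-beta' are ignored."""
    parts = []
    for piece in text.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    return tuple(parts)


def is_affected(version_text):
    """True when the version is <= 1.3.6 (padded so '1.3' compares as 1.3.0)."""
    v = parse_version(version_text)
    if not v:
        raise ValueError(f"unparseable version: {version_text!r}")
    width = max(len(v), len(LAST_AFFECTED))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(v) <= pad(LAST_AFFECTED)


def installed_version(wp_root):
    """Return the plugin's Version header from a local WordPress tree, or None."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return None
    for php in sorted(plugin_dir.glob("*.php")):
        # Only the start of the file is inspected, where the header comment lives.
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        match = VERSION_HEADER.search(head)
        if match:
            return match.group(1)
    return None


def audit(wp_root):
    """Classify a local install: 'not installed', 'affected' or 'not affected'."""
    version = installed_version(wp_root)
    if version is None:
        return "not installed"
    return "affected" if is_affected(version) else "not affected"
```

Call `audit()` with the path to the WordPress root directory of the site being checked; a result of `affected` means the plugin should be updated.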

Installation:

1. Clone the repo

git clone https://github.com/IRB0T/CVE-Scan.git

2. Navigate to the “CVE-2023-6266-Scan” directory

cd CVE-2023-6266-Scan

3. Install the dependencies with pip. Depending on your local python3 setup, the required commands will be either:

pip install -r requirements.txt
OR 
pip3 install -r requirements.txt

4. Open a command prompt and run the command below, replacing the target with the appropriate URL (e.g. python CVE-2023-6266-Scan.py YOUR_URL).

python CVE-2023-6266-Scan.py http://192.168.0.2

Reference:

1. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/backup-backup/backup-migration-136-unauthenticated-arbitrary-file-download-to-sensitive-information-exposure
2. https://wordpress.org/plugins/backup-backup/#developers
