The famous WP-DB Backup plugin for WordPress is vulnerable to a directory traversal attack. marc & shb from ssteam discovered this vulnerability about a week ago, and the author of WP-DB Backup was not informed about it.

Proof of Concept:
You must have administrator rights in the WordPress blog to exploit this vulnerability. The `backup` parameter is used as a file path without being confined to the plugin's backup directory:

http://path-to-wordpress/wp-admin/edit.php?page=wp-db-backup.php&backup=../../../../../etc/passwd

The author of WP-DB Backup currently doesn't have a fix for this exploit. Disabling the plugin will not fix the problem. You can either rename or delete the plugin for a temporary fix. If your WordPress blog site has a few admins, then you definitely need to fix this problem.

The good news is that Ryan Boren has a fix for the directory traversal vulnerability.
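Until the plugin is renamed, deleted or patched, the only visibility a site owner has is the web server log. The following is an added example (not code from the original post or from the plugin) that scans constructed combined-format access-log lines for requests to `wp-admin/edit.php?page=wp-db-backup.php` whose `backup` value escapes the backup directory, decoding repeatedly so single- and double-URL-encoded `../` forms are caught as well as the plain one shown above.

```python
"""Flag WP-DB Backup `backup=` values that escape the backup directory.

Added example, not part of the original post or of the plugin itself.
Assumes Apache/nginx combined log format; the log lines are constructed.
"""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines: two plain/encoded traversal attempts,
# one legitimate backup download, one double-encoded attempt, one unrelated hit.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jul/2007:12:00:01 +0000] "GET /wp-admin/edit.php?page=wp-db-backup.php&backup=../../../../../etc/passwd HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Jul/2007:12:00:02 +0000] "GET /wp-admin/edit.php?page=wp-db-backup.php&backup=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 2201 "-" "Mozilla/5.0"
10.0.0.7 - - [10/Jul/2007:12:00:03 +0000] "GET /wp-admin/edit.php?page=wp-db-backup.php&backup=20070710_wp-db-backup.sql.gz HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Jul/2007:12:00:04 +0000] "GET /wp-admin/edit.php?page=wp-db-backup.php&backup=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1834 "-" "curl/7.15"
10.0.0.9 - - [10/Jul/2007:12:00:05 +0000] "GET /index.php?p=42 HTTP/1.1" 200 9900 "-" "curl/7.15"
"""

# Client IP, timestamp, method, request URI and status from a combined-log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

def is_traversal(value: str) -> bool:
    """True if `value` is absolute or contains a `..` path component.
    Decodes up to three times so %2e%2e%2f and double-encoded forms are seen."""
    decoded = value
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    norm = decoded.replace("\\", "/")
    return norm.startswith("/") or ".." in norm.split("/")

def find_wp_db_backup_traversal(log_text: str) -> list:
    """Return (ip, timestamp, backup value, status) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("uri"))
        if not parts.path.endswith("/wp-admin/edit.php"):
            continue
        qs = parse_qs(parts.query, keep_blank_values=True)  # decodes once
        if qs.get("page", [""])[0] != "wp-db-backup.php":
            continue
        for backup in qs.get("backup", []):
            if is_traversal(backup):
                hits.append((m.group("ip"), m.group("ts"), backup, m.group("status")))
    return hits
```

A 200 status on a flagged request means the file was served, so those entries deserve follow-up on which admin account issued them.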
