Vendor: SweetRice
By: Ashiyane Digital Security Team
CVSS: 2,6 (LOW)
Backup Disclosure
CWE: N/A
Product Name: SweetRice
Affected Version From: 1.5.1
Affected Version To: 1.5.1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 10
2016

SweetRice 1.5.1 – Backup Disclosure

An attacker can access all MySQL backups and download them from the directory http://localhost/inc/mysql_backup, and can access the website files backup at http://localhost/SweetRice-transfer.zip

Mitigation:

Ensure that the backup files are not accessible from the web server.
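
The script below is an added example, not code from the advisory or from SweetRice. It finds the backup artifacts the advisory names under a web root and moves them to a directory outside it; the directories passed in, and the rule that every regular file in inc/mysql_backup counts as a backup, are assumptions.

```python
import shutil
import tempfile
from pathlib import Path

# Locations named in the advisory, relative to the SweetRice web root.
BACKUP_DIR = Path("inc/mysql_backup")
TRANSFER_ZIP = Path("SweetRice-transfer.zip")


def find_exposed_backups(web_root):
    """Return backup files that sit under web_root, where the server can serve them."""
    root = Path(web_root)
    found = []
    backup_dir = root / BACKUP_DIR
    if backup_dir.is_dir():
        # Assumption: every regular file in this directory is a database backup.
        found.extend(p for p in sorted(backup_dir.rglob("*")) if p.is_file())
    if (root / TRANSFER_ZIP).is_file():
        found.append(root / TRANSFER_ZIP)
    return found


def quarantine_backups(web_root, private_dir):
    """Move exposed backups into private_dir, which must lie outside web_root."""
    root = Path(web_root).resolve()
    dest = Path(private_dir).resolve()
    if dest == root or root in dest.parents:
        raise ValueError("private_dir must be outside the web root")
    moved = []
    for src in find_exposed_backups(root):
        target = dest / src.relative_to(root)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(src), str(target))
        target.chmod(0o600)  # owner-only on POSIX; Windows needs ACLs instead
        moved.append(target)
    return moved


if __name__ == "__main__":
    # Constructed sample tree; all names below are hypothetical.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "htdocs"
        (root / BACKUP_DIR).mkdir(parents=True)
        (root / BACKUP_DIR / "sample_dump.sql").write_text("-- constructed\n")
        (root / TRANSFER_ZIP).write_bytes(b"PK\x05\x06" + b"\x00" * 18)
        for path in quarantine_backups(root, Path(tmp) / "private_backups"):
            print("moved to", path)
        print("still exposed:", find_exposed_backups(root))
```

Because the application may write new backups to the same locations, rerun the check after each backup or also deny those paths in the web server configuration.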

Exploit-DB raw data:

Title: SweetRice 1.5.1 - Backup Disclosure
Application: SweetRice
Versions Affected: 1.5.1
Vendor URL: http://www.basic-cms.org/
Software URL: http://www.basic-cms.org/attachment/sweetrice-1.5.1.zip
Discovered by: Ashiyane Digital Security Team
Tested on: Windows 10
Bugs: Backup Disclosure
Date: 16-Sept-2016


Proof of Concept:

You can access all MySQL backups and download them from this directory:
http://localhost/inc/mysql_backup

and can access the website files backup from:
http://localhost/SweetRice-transfer.zip