2532|Gigs - exploit.company

vendor:

2532|Gigs

by:

t0pP8uZz

7.5

CVSS

HIGH

Arbitrary Remote Database Backup/Download

N/A

CWE

Product Name: 2532|Gigs

Affected Version From: 1.2.2002

Affected Version To: 1.2.2002

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

2532|Gigs <= 1.2.2 Arbitrary Remote Database Backup/Download

2532|Gigs does not validate a user in 'backup.php' this means any user can visit and backup. of course some GET variables are being used but thats all. running the below url/path on a server that is running 2532|Gigs will make a backup of the database and save it too 'http://site.com/2532gigs/backup.sql'

Mitigation:

Vendor Has Not Been Notified!

Source

Exploit-DB raw data:

--==+================================================================================+==--
--==+          2532|Gigs <= 1.2.2 Arbitrary Remote Database Backup/Download          +==--
--==+================================================================================+==--



Discovered By: t0pP8uZz
Discovered On: 18 April 2008
Script Download: http://www.2532gigs.com/?download=2532Gigs_stable
DORK: N/A

Vendor Has Not Been Notified!


DESCRIPTION: 
2532|Gigs does not validate a user in "backup.php" this means any user can visit and backup.
of course some GET variables are being used but thats all.

running the below url/path on a server that is running 2532|Gigs will make a backup of the database
and save it too "http://site.com/2532gigs/backup.sql"


Vulnerability:
http://site.com/2532gigs/backup.php?export=1


NOTE/TIP: 
you must be logged in to a ordinary user account for this too work!


GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !



--==+================================================================================+==--
--==+          2532|Gigs <= 1.2.2 Arbitrary Remote Database Backup/Download          +==--
--==+================================================================================+==--

# milw0rm.com [2008-04-18]