IntegraMOD 1.4.x - Insecure Directory Download Database Vulnerability

ID EDB-ID:6390
Type exploitdb
Reporter TheJT
Modified 2008-09-06T00:00:00


IntegraMOD 1.4.x (Insecure Directory) Download Database Vulnerability. CVE-2008-4183. Webapps exploit for php platform

                                            today i found some major security problem. the issue can be found at all integramod 1.4.x versions.
explanation of the issue:

all integramod versions do have a backup folder where the daily database backups are stored. the coders 
of integramod forgott to secure this folder.

just head to the official page of integramod you are being redirected 
to . now just head into the backup folder:
As you can see you have full access to all database backups!
-> www.pagename/installpath/backup/ directly leads to the database backups!
notice: some versions do have a index.html in the folder but it is easy to get the backups any way 
bacause they are alway stored in the dame format:

greetings from germany


# [2008-09-06]