PHP-Fusion Database Backup Disclosure

2004-08-17T00:00:00
ID OSVDB:9032
Type osvdb
Reporter y3dips(y3dips@echo.or.id)
Modified 2004-08-17T00:00:00

Description

Vulnerability Description

PHP-Fusion contains a flaw that may lead to an unauthorized information disclosure. An attacker can download or view database backup files because they are stored in publicly accessible directories and use a predictable naming scheme in the format "backup_year-month-day_time.sql" or "backup_year-month-day_time.sql.gz".

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): apply proper permissions to the directory in which backups are stored.

Short Description

PHP-Fusion contains a flaw that may lead to an unauthorized information disclosure. An attacker can download or view database backup files because they are stored in publicly accessible directories and use a predictable naming scheme in the format "backup_year-month-day_time.sql" or "backup_year-month-day_time.sql.gz".

Manual Testing Notes

http://[victim]/fusion/fusion_admin/db_backups/backup_2004-08-17_1845.sql
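Detection logic for the exposure described above, as an added example that is not part of the original advisory: it scans web server access log lines in the combined log format (an assumption) for requests into the PHP-Fusion db_backups directory, flags file names that match the predictable backup naming scheme, and marks a request as a disclosure when the server answered 200. The log lines are constructed sample data.

```python
import re

# Requests into the PHP-Fusion backup directory named in the advisory.
BACKUP_DIR = re.compile(r"/fusion_admin/db_backups/")
# Predictable backup file name: backup_YYYY-MM-DD_HHMM.sql or .sql.gz
BACKUP_NAME = re.compile(r"backup_\d{4}-\d{2}-\d{2}_\d{4}\.sql(?:\.gz)?$")
# Apache/nginx combined log format (assumed): client IP, timestamp,
# request line and status code are the fields we need.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [17/Aug/2004:18:50:01 +0000] "GET /fusion/fusion_admin/db_backups/backup_2004-08-17_1845.sql HTTP/1.1" 200 48213 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [17/Aug/2004:18:50:02 +0000] "GET /fusion/fusion_admin/db_backups/backup_2004-08-16_0200.sql.gz HTTP/1.1" 404 512 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [17/Aug/2004:18:51:10 +0000] "GET /fusion/news.php?readmore=12 HTTP/1.1" 200 9021 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [17/Aug/2004:18:52:00 +0000] "GET /fusion/fusion_admin/db_backups/ HTTP/1.1" 403 301 "-" "Mozilla/4.0"',
]


def find_backup_requests(lines):
    """Return one record per request that touched the backup directory."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a parsable combined-format line
        path = m.group("path").split("?", 1)[0]  # drop any query string
        if not BACKUP_DIR.search(path):
            continue
        status = int(m.group("status"))
        hits.append({
            "ip": m.group("ip"),
            "time": m.group("ts"),
            "path": path,
            "status": status,
            # A predictable-name file request is a sign of guessing activity.
            "predictable_name": bool(BACKUP_NAME.search(path)),
            # 200 means the server actually served the backup (or the listing).
            "disclosed": status == 200,
        })
    return hits


if __name__ == "__main__":
    for hit in find_backup_requests(SAMPLE_LOG):
        print(hit)
```

A 403 on these paths shows the directory-permission workaround from the advisory is in effect; a 200 on a `.sql` or `.sql.gz` name is a confirmed disclosure that warrants rotating the database credentials and any secrets held in the dump.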

References:

Vendor URL: http://sourceforge.net/projects/php-fusion/
Security Tracker: 1010983
Secunia Advisory ID: 12336
Related OSVDB ID: 9033
Related OSVDB ID: 9034
Other Advisory URL: http://echo.or.id/adv/adv04-y3dips-2004.txt
Nessus Plugin ID: 14356
ISS X-Force ID: 17037
CVE: CVE-2004-1724
Bugtraq ID: 10974