SweetRice 1.5.1 Backup Disclosure

2016-11-06T00:00:00
ID PACKETSTORM:139585
Type packetstorm
Reporter Ashiyane Digital Security Team
Modified 2016-11-06T00:00:00

Description

                                        
                                            `Title: SweetRice 1.5.1 - Backup Disclosure  
Application: SweetRice  
Versions Affected: 1.5.1  
Vendor URL: http://www.basic-cms.org/  
Software URL: http://www.basic-cms.org/attachment/sweetrice-1.5.1.zip  
Discovered by: Ashiyane Digital Security Team  
Tested on: Windows 10  
Bugs: Backup Disclosure  
Date: 16-Sept-2016  
  
  
Proof of Concept :  
  
You can access to all mysql backup and download them from this directory.  
http://localhost/inc/mysql_backup  
  
and can access to website files backup from:  
http://localhost/SweetRice-transfer.zip  
`