IntegraMOD 1.4.x (Insecure Directory) Download Database Vulnerability

2008-09-24 / 2008-09-25
Credit: TheJT
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-200


Ogólna skala CVSS: 5/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 10/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Częściowy
Wpływ na integralność: Brak
Wpływ na dostępność: Brak

today i found some major security problem. the issue can be found at all integramod 1.4.x versions. explanation of the issue: all integramod versions do have a backup folder where the daily database backups are stored. the coders of integramod forgott to secure this folder. example: just head to the official page of integramod www.integramod.com. you are being redirected to http://www.integramod.com/forum/ . now just head into the backup folder: http://www.integramod.com/forum/backup. As you can see you have full access to all database backups! -> www.pagename/installpath/backup/ directly leads to the database backups! notice: some versions do have a index.html in the folder but it is easy to get the backups any way bacause they are alway stored in the dame format: backup-yyyy-dd-mm.sql greetings from germany TheJT

Referencje:

http://www.securityfocus.com/bid/31149
http://www.milw0rm.com/exploits/6390
http://www.integramod.com/forum/viewtopic.php?f=3&t=5089
http://secunia.com/advisories/31749


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top