2532|Gigs <= 1.2.2 Arbitrary Database Backup/Download Vulnerability

2009.02.22
Credit: t0pP8uZz
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2008-6199
CWE: CWE-264


CVSS Base Score: 4/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

--==+================================================================================+==-- --==+ 2532|Gigs <= 1.2.2 Arbitrary Remote Database Backup/Download +==-- --==+================================================================================+==-- Discovered By: t0pP8uZz Discovered On: 18 April 2008 Script Download: http://www.2532gigs.com/?download=2532Gigs_stable DORK: N/A Vendor Has Not Been Notified! DESCRIPTION: 2532|Gigs does not validate a user in "backup.php" this means any user can visit and backup. of course some GET variables are being used but thats all. running the below url/path on a server that is running 2532|Gigs will make a backup of the database and save it too "http://site.com/2532gigs/backup.sql" Vulnerability: http://site.com/2532gigs/backup.php?export=1 NOTE/TIP: you must be logged in to a ordinary user account for this too work! --==+================================================================================+==-- --==+ 2532|Gigs <= 1.2.2 Arbitrary Remote Database Backup/Download +==-- --==+================================================================================+==--

References:

http://xforce.iss.net/xforce/xfdb/41912
http://www.milw0rm.com/exploits/5465


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top