2532/Gigs 1.2.2 - Arbitrary Database Backup/Download



EKU-ID: 13406 CVE: OSVDB-52116;CVE-2008-6199 OSVDB-ID:
Author: t0pP8uZz Published: 2008-04-18 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


--==+================================================================================+==--
--==+          2532|Gigs <= 1.2.2 Arbitrary Remote Database Backup/Download          +==--
--==+================================================================================+==--



Discovered By: t0pP8uZz
Discovered On: 18 April 2008
Script Download: http://www.2532gigs.com/?download=2532Gigs_stable
DORK: N/A

Vendor Has Not Been Notified!


DESCRIPTION:
2532|Gigs does not validate a user in "backup.php" this means any user can visit and backup.
of course some GET variables are being used but thats all.

running the below url/path on a server that is running 2532|Gigs will make a backup of the database
and save it too "http://site.com/2532gigs/backup.sql"


Vulnerability:
http://site.com/2532gigs/backup.php?export=1


NOTE/TIP:
you must be logged in to a ordinary user account for this too work!


GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !



--==+================================================================================+==--
--==+          2532|Gigs <= 1.2.2 Arbitrary Remote Database Backup/Download          +==--
--==+================================================================================+==--

# milw0rm.com [2008-04-18]