Artiphp CMS 5.5.0 Database Backup Disclosure Exploit

Title: Artiphp CMS 5.5.0 Database Backup Disclosure Exploit
Advisory ID: ZSL-2012-5091
Type: Local/Remote
Impact: Exposure of sensitive information
Risk: (3/5)
Release Date: 16.05.2012
Summary
Artiphp is a content management system (CMS) open and free to create and manage your website.
Description
Artiphp stores database backups using backupDB() utility with a predictable file name inside the web root, which can be exploited to disclose sensitive information by downloading the file. The backup is located in '/artzone/artpublic/database/' directory as 'db_backup_[type].[yyyy-mm-dd].sql.gz' filename.
Vendor
Artiphp - http://www.artiphp.com
Affected Version
5.5.0 Neo (r422)
Tested On
Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.21
PHP 5.3.8 / 5.3.9
MySQL 5.5.20
Vendor Status
N/A
PoC
artiphp_dbd.php
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://cxsecurity.com/issue/WLB-2012050121
[2] http://www.exploit-db.com/exploits/18889/
[3] http://packetstormsecurity.org/files/112806
[4] http://www.1337day.com/exploits/18285
[5] http://secunia.com/advisories/49195
[6] http://www.osvdb.org/show/osvdb/81991
[7] http://xforce.iss.net/xforce/xfdb/75690
[8] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2905
Changelog
[16.05.2012] - Initial release
[18.05.2012] - Added reference [3], [4] and [5]
[22.05.2012] - Added reference [6]
[26.05.2012] - Added reference [7] and [8]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk