
Artiphp CMS 5.5.0 Database Backup Disclosure Exploit

Medium
Advisory ID: ZSL-2012-5091
Release Date: 16 May 2012
Vendor
Affected Version: 5.5.0 Neo (r422)
Tested On: Microsoft Windows XP Professional SP3 (EN), Apache 2.2.21, PHP 5.3.8 / 5.3.9, MySQL 5.5.20
Summary

Artiphp is an open and free content management system (CMS) for creating and managing your website.

Description

Artiphp stores database backups created by the backupDB() utility under a predictable file name inside the web root. Anyone who can reach the web server can download the file and disclose sensitive information. The backup is located in the '/artzone/artpublic/database/' directory with the filename 'db_backup_[type].[yyyy-mm-dd].sql.gz'.
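
As an added detection example (not part of the original advisory or Artiphp's own code), the following Python scans Apache access log lines for requests that match the backup path and naming scheme described above. The `[type]` value `full`, the sample log lines and the probe threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Backup location and naming scheme as given in the advisory; the characters
# allowed in [type] are an assumption.
BACKUP_RE = re.compile(
    r"/artzone/artpublic/database/db_backup_[\w-]+\.\d{4}-\d{2}-\d{2}\.sql\.gz$",
    re.IGNORECASE,
)
# Leading fields of the Apache common/combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def find_backup_requests(lines, probe_threshold=3):
    """Return (served, probing): backup files actually delivered, and clients
    that requested at least probe_threshold distinct backup file names."""
    served, names_by_ip = [], defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access log line we understand
        path = unquote(m["url"].split("?", 1)[0])  # drop query, decode %xx
        if not BACKUP_RE.search(path):
            continue
        names_by_ip[m["ip"]].add(path.rsplit("/", 1)[1].lower())
        if m["status"] in ("200", "206"):  # full or partial content delivered
            served.append((m["ip"], path, m["status"]))
    probing = {ip: len(n) for ip, n in names_by_ip.items()
               if len(n) >= probe_threshold}
    return served, probing

# Constructed sample log lines (documentation IP ranges), not real traffic.
BASE = "/artzone/artpublic/database/"
SAMPLE = [
    f'198.51.100.7 - - [16/May/2012:10:01:02 +0200] "GET {BASE}db_backup_full.2012-05-14.sql.gz HTTP/1.1" 404 312',
    f'198.51.100.7 - - [16/May/2012:10:01:03 +0200] "GET {BASE}db_backup_full.2012-05-15.sql.gz HTTP/1.1" 404 312',
    f'198.51.100.7 - - [16/May/2012:10:01:04 +0200] "GET {BASE}db_backup_full.2012-05-16.sql.gz HTTP/1.1" 200 48211',
    '203.0.113.20 - - [16/May/2012:10:05:00 +0200] "GET /index.php HTTP/1.1" 200 5120',
    f'203.0.113.20 - - [16/May/2012:10:05:09 +0200] "GET {BASE} HTTP/1.1" 403 210',
]

if __name__ == "__main__":
    served, probing = find_backup_requests(SAMPLE)
    print("backups served:", served)
    print("clients probing backup names:", probing)
```

Any entry in `served` means a backup left the server and the database contents should be treated as disclosed; entries in `probing` show a client cycling through dated file names even when every request failed.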

Proof of Concept
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
16.05.2012 - Initial release
18.05.2012 - Added reference [3], [4] and [5]
22.05.2012 - Added reference [6]
26.05.2012 - Added reference [7] and [8]