Skip to content

Instantly share code, notes, and snippets.

@Hadi999
Created April 6, 2023 11:38
Show Gist options
  • Save Hadi999/d691e35d4f494d37ccc5638e68227606 to your computer and use it in GitHub Desktop.
Save Hadi999/d691e35d4f494d37ccc5638e68227606 to your computer and use it in GitHub Desktop.
> [Suggested description]
> GDidees CMS v3.9.1 was discovered to contain a source code disclosure
> vulnerability by the backup feature which is accessible via
> /_admin/backup.php.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Incorrect Access Control
>
> ------------------------------------------
>
> [Vendor of Product]
> GDidees
>
> ------------------------------------------
>
> [Affected Product Code Base]
> GDidees CMS - 3.9.1 and lower versions
>
> ------------------------------------------
>
> [Affected Component]
> the affected file is : {webroot}/_admin/backup.php
> the backup archives are stored at : {webroot}/_db-backups
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> An attacker could visit {URL}/_admin/backup.php in order to generate an zipped backup file of web root then go to {URL}/_db-backups/ and download the archive containing all the source code of the GDidees installation including database credentials and private files.
> The archive may also contain other applications outside GDidees such as virtual hosts.
>
> ------------------------------------------
>
> [Reference]
> https://www.gdidees.eu/cms-1-0.html
> https://github.com/chamilo/pclzip
>
> ------------------------------------------
>
> [Discoverer]
> Hadi Mene
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment