Pulse CMS version 4.5.2 suffers from a backup disclosure vulnerability.
Document Title:
===============
Pulse CMS 4.5.2 - Backup Disclosure
References (Source):
====================
http://ehsansec.ir/advisories/plusecms452-disclosure.txt
Release Date:
=============
2016-03-30
Product & Service Introduction:
===============================
Pulse CMS is the easiest way to build and deploy a responsive, content
managed website. Since it's a flat file CMS there is no complicated
database setup, just copy it to your server and
go. (https://www.pulsecms.com/)
Software Link:
==============
http://www.pulsecms.com/download/pulse.zip
Vulnerability Type:
=========================
Backup Disclosure
Vulnerability Details:
==============================
I discovered a backup disclosure vulnerability in Pulse CMS 4.5.2.
Exploitation Technique:
=======================
Remote
Severity Level:
===============
High
Proof of Concept (PoC):
=======================
Backup files are stored in the following directory and can be downloaded directly:
http://localhost/pulse/content/backups/
Example:
03.01.16-556.zip
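
A defensive check for the exposure described above, added here as an example (it is not part of the original advisory or of Pulse CMS): it walks a document root and reports backup archives that no `.htaccess` deny rule covers. It assumes Apache with `.htaccess` overrides enabled and treats any uncommented deny directive in a directory or its parents as full coverage; the function names and the temporary directory layout are constructed for illustration.

```python
import os
import re
import tempfile

ARCHIVE_EXT = (".zip", ".tar", ".tar.gz", ".tgz", ".sql", ".bak")
# Apache 2.4 ("Require all denied") and 2.2 ("Deny from all"); commented lines do not match.
DENY_RE = re.compile(r"(?im)^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$")


def is_denied(directory, docroot):
    """True if directory or any parent up to docroot has a denying .htaccess."""
    docroot, current = os.path.abspath(docroot), os.path.abspath(directory)
    while True:
        htaccess = os.path.join(current, ".htaccess")
        if os.path.isfile(htaccess):
            with open(htaccess, encoding="utf-8", errors="replace") as fh:
                if DENY_RE.search(fh.read()):
                    return True
        if current == docroot or os.path.dirname(current) == current:
            return False
        current = os.path.dirname(current)


def find_exposed_backups(docroot):
    """Return sorted docroot-relative paths of archives not covered by a deny rule."""
    exposed = []
    for dirpath, _dirs, files in os.walk(docroot):
        archives = [f for f in files if f.lower().endswith(ARCHIVE_EXT)]
        if archives and not is_denied(dirpath, docroot):
            exposed += [os.path.relpath(os.path.join(dirpath, f), docroot)
                        for f in archives]
    return sorted(p.replace(os.sep, "/") for p in exposed)


def demo():
    """Constructed layout mirroring the advisory's path; returns (before, after)."""
    with tempfile.TemporaryDirectory() as root:
        backups = os.path.join(root, "pulse", "content", "backups")
        os.makedirs(backups)
        open(os.path.join(backups, "03.01.16-556.zip"), "wb").close()
        before = find_exposed_backups(root)   # no deny rule yet
        with open(os.path.join(backups, ".htaccess"), "w") as fh:
            fh.write("Require all denied\n")  # corrected configuration
        return before, find_exposed_backups(root)


if __name__ == "__main__":
    print(demo())
```

Keeping backups outside the document root removes the need for the deny rule entirely.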
Author:
==================
Ashiyane Digital Security Team
Ehsan Hosseini
http://ehsansec.ir/
Special thanks to:
==================
Milad Hacking (Fullsecurity.org)
Contact:
========
hehsan979@gmail.com
info@ehsansec.ir