Document Title:
===============
Pulse CMS 4.5.2 - Backup Disclosure


References (Source):
====================
http://ehsansec.ir/advisories/plusecms452-disclosure.txt


Release Date:
=============
2016-03-30


Product & Service Introduction:
===============================
Pulse CMS is the easiest way to build and deploy a responsive, content
managed website. Since it's a flat file CMS there is no complicated
database setup, just copy it to your server and
go.(https://www.pulsecms.com/)


Software Link:
==============
http://www.pulsecms.com/download/pulse.zip


Vulnerability Type:
=========================
Backup Disclosure


Vulnerability Details:
==============================
I discovered a backup disclosure vulnerability in Pulse CMS 4.5.2.


Exploitation Technique:
=======================
Remote


Severity Level:
===============
High


Proof of Concept (PoC):
=======================
Backup Files are in the directory and we can download them.

http://localhost/pulse/content/backups/

Example:
03.01.16-556.zip



Author:
==================
Ashiyane Digital Security Team
Ehsan Hosseini
http://ehsansec.ir/


SPX tnx to:
===========
Milad Hacking (Fullsecurity.org)


Contact:
========
hehsan979@gmail.com
info@ehsansec.ir