漏洞描述
Detected exposed Batflat CMS SQLite database files that may contain sensitive information including admin credentials, user data, site configuration, and content. Batflat stores its database in the /inc/data/ directory by default.
batflat-sqlite-exposure: Batflat SQLite Database - Exposure
PoC代码[已公开]
id: batflat-sqlite-exposure
info:
name: Batflat SQLite Database - Exposure
author: DhiyaneshDk
severity: high
description: |
Detected exposed Batflat CMS SQLite database files that may contain sensitive information including admin credentials, user data, site configuration, and content. Batflat stores its database in the /inc/data/ directory by default.
reference:
- https://batflat.org/
- https://github.com/sruupl/batflat
metadata:
verified: true
max-request: 1
shodan-query: html:"Batflat"
tags: batflat,database,sqlite,unauth,backup,exposure
http:
- method: GET
path:
- "{{BaseURL}}/inc/data/database.sdb"
matchers-condition: and
matchers:
- type: binary
binary:
- "53514c69746520666f726d6174203300" # "SQLite format 3\0" hex
part: body
- type: status
status:
- 200
# digest: 490a0046304402203539dfd6729dea116bb0f53d181e257b8fed578c1fdc300eeb7d1aa7f1b9435702206047afe1238447161d4a8d7f5763e395d1b99f99f81a7fcc4fe03bf7ca058ac8:922c64590222798bb761d5b6d8e72950