CVE-2007-6603

Hot or Not Clone - Unauthenticated Database Backup Disclosure via Direct Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6603. PoCs published by RoMaNcYxHaCkEr.

AI-analyzed exploit summary: This is a writeup describing an information leakage vulnerability in Hot or Not Clone by Jnshosts.com, where unauthenticated access to backup files exposes admin credentials. The exploit involves downloading a backup file and extracting plaintext credentials.

Description

Hot or Not Clone has insufficient access control for producing and reading database backups, which allows remote attackers to obtain the administrator username and password via a direct request to control/backup/backup.php, which generates a backup/dump/backup.sql file that can be downloaded via a direct request to control/downloadfile.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by RoMaNcYxHaCkEr · text · webapps · php
https://www.exploit-db.com/exploits/4804


Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Hot or Not Clone by Jnshosts.com
No auth needed
Prerequisites: Access to the backup.php file via unauthenticated HTTP request
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4804
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/40572
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28261
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39344

Scores

EPSS 0.0286
EPSS Percentile 84.9%

Details

CWE: CWE-264
Status published
Products (1)
hotscripts/hot_or_not_clone
Published Dec 31, 2007
Tracked Since Feb 18, 2026