phpDEV5 – Remote Default Insecure Users

phpDEV5 – Remote Default Insecure Users

漏洞ID 1054963 漏洞类型
发布时间 2005-03-11 更新时间 2005-03-11
图片[1]-phpDEV5 – Remote Default Insecure Users-安全小百科CVE编号 N/A
图片[2]-phpDEV5 – Remote Default Insecure Users-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/873
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
------------------------------------------------------------------------
# PHPDev5 Remote Insecure Default Users & Passwords vuln.
# By : Ali7
# e-mail : [email protected]
# date : 09-03-2k5
# greetz : all my friends ; AlkaeN ; s4a.cc boyz ;)
 
 
>Target : PHPDev 5
>URL : www.firepages.com.au - http://sourceforge.net/projects/phpdev5/
>Type : PHP/Apache/MySQL Server..
 
>>Details : i found that PHPDev creates 4 default users with "blank passwords"..
@% : no privs.
@localhost : full privs. & full control on all Databases..
root@% : full privs. & full control on all Databases..
root@localhost : full privs. & full control on all Databases..
 
>>Exploitin'9 : The Attacker may have the the full control on any database using PhpMyAdmin or any other database management software..
 
An Advanced Attacker may use the the privs. to execute malicuos SQL queries or download PHP-shells .....etc.
 
>> Fixing :
** Change the Blank Passwords.. :
 
That's All ..)) Sorry 4 my bad English $:

# milw0rm.com [2005-03-11]

相关推荐: Linux/x86 – Add Root User (t00r) To /etc/passwd + Anti-IDS Shellcode (116 bytes)

Linux/x86 – Add Root User (t00r) To /etc/passwd + Anti-IDS Shellcode (116 bytes) 漏洞ID 1054689 漏洞类型 发布时间 2004-09-26 更新时间 2004-09-26…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享