phpDEV5 – Remote Default Insecure Users

35次阅读
没有评论

phpDEV5 – Remote Default Insecure Users

漏洞ID 1054963 漏洞类型
发布时间 2005-03-11 更新时间 2005-03-11
phpDEV5 - Remote Default Insecure UsersCVE编号 N/A
phpDEV5 - Remote Default Insecure UsersCNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/873
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
------------------------------------------------------------------------
# PHPDev5 Remote Insecure Default Users & Passwords vuln.
# By : Ali7
# e-mail : [email protected]
# date : 09-03-2k5
# greetz : all my friends ; AlkaeN ; s4a.cc boyz ;)
 
 
>Target : PHPDev 5
>URL : www.firepages.com.au - http://sourceforge.net/projects/phpdev5/
>Type : PHP/Apache/MySQL Server..
 
>>Details : i found that PHPDev creates 4 default users with "blank passwords"..
@% : no privs.
@localhost : full privs. & full control on all Databases..
root@% : full privs. & full control on all Databases..
root@localhost : full privs. & full control on all Databases..
 
>>Exploitin'9 : The Attacker may have the the full control on any database using PhpMyAdmin or any other database management software..
 
An Advanced Attacker may use the the privs. to execute malicuos SQL queries or download PHP-shells .....etc.
 
>> Fixing :
** Change the Blank Passwords.. :
 
That's All ..)) Sorry 4 my bad English $:

# milw0rm.com [2005-03-11]

相关推荐: Linux/x86 – Add Root User (t00r) To /etc/passwd + Anti-IDS Shellcode (116 bytes)

Linux/x86 – Add Root User (t00r) To /etc/passwd + Anti-IDS Shellcode (116 bytes) 漏洞ID 1054689 漏洞类型 发布时间 2004-09-26 更新时间 2004-09-26…

正文完
 0