------------------------------------------------------------------------
# PHPDev5 Remote Insecure Default Users & Passwords vuln.
# By : Ali7
# e-mail : [email protected]
# date : 09-03-2k5
# greetz : all my friends ; AlkaeN ; s4a.cc boyz ;)
>Target : PHPDev 5
>URL : www.firepages.com.au - http://sourceforge.net/projects/phpdev5/
>Type : PHP/Apache/MySQL Server..
>>Details : i found that PHPDev creates 4 default users with "blank passwords"..
@% : no privs.
@localhost : full privs. & full control on all Databases..
root@% : full privs. & full control on all Databases..
root@localhost : full privs. & full control on all Databases..
>>Exploitin'9 : The Attacker may have the the full control on any database using PhpMyAdmin or any other database management software..
An Advanced Attacker may use the the privs. to execute malicuos SQL queries or download PHP-shells .....etc.
>> Fixing :
** Change the Blank Passwords.. :
That's All ..)) Sorry 4 my bad English $:
# milw0rm.com [2005-03-11]
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666