28 lines
No EOL
1,009 B
Text
28 lines
No EOL
1,009 B
Text
------------------------------------------------------------------------
|
|
# PHPDev5 Remote Insecure Default Users & Passwords vuln.
|
|
# By : Ali7
|
|
# e-mail : ali7@hotmail.co.uk
|
|
# date : 09-03-2k5
|
|
# greetz : all my friends ; AlkaeN ; s4a.cc boyz ;)
|
|
|
|
|
|
>Target : PHPDev 5
|
|
>URL : www.firepages.com.au - http://sourceforge.net/projects/phpdev5/
|
|
>Type : PHP/Apache/MySQL Server..
|
|
|
|
>>Details : i found that PHPDev creates 4 default users with "blank passwords"..
|
|
@% : no privs.
|
|
@localhost : full privs. & full control on all Databases..
|
|
root@% : full privs. & full control on all Databases..
|
|
root@localhost : full privs. & full control on all Databases..
|
|
|
|
>>Exploitin'9 : The Attacker may have the the full control on any database using PhpMyAdmin or any other database management software..
|
|
|
|
An Advanced Attacker may use the the privs. to execute malicuos SQL queries or download PHP-shells .....etc.
|
|
|
|
>> Fixing :
|
|
** Change the Blank Passwords.. :\
|
|
|
|
That's All ..)) Sorry 4 my bad English $:
|
|
|
|
# milw0rm.com [2005-03-11] |