header-logo
Suggest Exploit
vendor:
PHPAccess
by:
L0rd CrusAd3r aka VSN
7,5
CVSS
HIGH
SQLi Vulnerability
89
CWE
Product Name: PHPAccess
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

PHPAccess SQLi Vulnerability

PHPAccess allows you to easily safe your Website against unallowed access. It offers an intuitive and easy-to-use user-interface that displays current information and possible actions on one page. You don't have to know anything about the complex unix-htaccess-system nor do you have to create the .htaccess- / .htpasswd-files. PHPAccess does this job for you. You even don't have to know the absolute path to your website - PHP finds this information automatically. With PHPAccess you can add, modify and delete the users that have access to your data. All you have to do is upload the PHPAccess-file, give it the correct file-permissions (via ftp-proggie) and start PHPAccess in your web-browser.

Mitigation:

Update to the latest version of PHPAccess
Source

Exploit-DB raw data:

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:PHPAccess SQLi Vulnerability
Version:n/a
Vendor url:http://www.krizleebear.de
Published: 2010-06-09
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue™®, S1ayer,d3c0d3r and to all
ICW members
############################################################################################################


PHPAccess SQLi Vulnerability

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]

############################################################################################################

Description:

PHPAccess allows you to easily safe your Website against unallowed access.
It offers an intuitive and easy-to-use user-interface that displays current
information and possible actions on one page.
You don't have to know anything about the complex unix-htaccess-system nor
do you have to create the .htaccess- / .htpasswd-files.
PHPAccess does this job for you. You even don't have to know the absolute
path to your website - PHP finds this information automatically.
With PHPAccess you can add, modify and delete the users that have access to
your data.
All you have to do is upload the PHPAccess-file, give it the correct
file-permissions (via ftp-proggie) and start PHPAccess in your web-browser.
###########################################################################################################

Vulnerability:

*SQLi Vulnerability

DEMO URL :http://server/phpaccess/dynamisch/index.php

Navigation

Suggest Exploit

Services By CQR