Jump to content
Praetorian503

Sqlitemanager Remote Php Code Execution(Injection) Vulnerability - Demo

By Praetorian503, in Tutoriale video

Recommended Posts

Praetorian503 Newbie

Praetorian503

Posted
Posted



Description: After i sent my exploit to exploit-db and 1337day,
I made you this demo to show how it works.

Links For The Exploit:
http://www.exploit-db.com/exploits/24320/
1337day Inj3ct0r Exploit Database : vulnerability : 0day : shellcode by Inj3ct0r Team

Tools used:
HCON STF
My Exploit

Music:
Infected Mushroom With Mayumana - Converting Vegetarian (Live)

Exploit Description:
================================================== =============
Exploit Title: SQLiteManager 0Day Remote PHP Code Injection Vulnerability
Google Dork: intitle:SQLiteManager inurl:sqlite/
Date: 23/01/2013
Exploit Author: RealGame
Vendor Homepage: http://www.Relagame.co.il
Software Link: SQLiteManager | Free Development software downloads at SourceForge.net
Version: <=1.2.4
Tested on: Windows XP, Debian 2.6.32-46
CVE: N/A
================================================== =============
Vulnerable Softwares:

Name: SQLiteManager
Official Site: SQLiteManager - administration de bases de données SQLite.

Name: Ampps
Official Site: Softaculous AMPPS

Name: VertrigoServ
Official Site: VertrigoServ
================================================== =============
About Software:
Official Site: SQLiteManager - administration de bases de données SQLite.
SQLiteManager is a database manager for SQLite databases. You can manage
any SQLite database created on any platform with SQLiteManager.
================================================== =============
Easy Way To Fix:
Find: SQLiteStripSlashes($_POST['dbpath'])
Replace: str_replace('.', '', SQLiteStripSlashes($_POST['dbpath']))
On File: ./include/add_database.php
================================================== =============

Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.

Original Source:

Source: Sqlitemanager Remote Php Code Execution(Injection) Vulnerability - Demo
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...