facebook facebook twitter rss

phpLiteAdmin v1.X.X Auth Bypass/Download DB vulnerabilities

Author: TUNISIAN CYBER , Published: 08-12-2013
X-------------------------------------------------------------X
_____ _ _ _ _ _____ _____ _____ ___ _ _ _______ _______ ___________
|_ _| | | | \ | |_ _/ ___|_ _|/ _ \ | \ | | / __ \ \ / / ___ \ ___| ___ \
| | | | | | \| | | | \ `--. | | / /_\ \| \| | | / \/\ V /| |_/ / |__ | |_/ /
| | | | | | . ` | | | `--. \ | | | _ || . ` | | | \ / | ___ \ __|| /
| | | |_| | |\ |_| |_/\__/ /_| |_| | | || |\ | | \__/\ | | | |_/ / |___| |\ \
\_/ \___/\_| \_/\___/\____/ \___/\_| |_/\_| \_/ \____/ \_/ \____/\____/\_| \_|
X-------------------------------------------------------------X


[+] Author: TUNISIAN CYBER
[+] Exploit Title: phpLiteAdmin v1.X.X Auth Bypass/Download DB vulnerabilities
[+] Date: 8-12-2013
[+] Category: WebApp
[+] Google Dork: n/a
[+] Tested on: Win7 , ubuntu 13.04


########################################################################################

1/ Auth Bypass:
127.0.0.1/phpliteadmin.php

username: admin

Source Code (lines 35--->36) (v1.6)

//password to gain access (change this to something more secure than 'admin')
$password = "admin";

Source Code (lines 47--->48) (1.9.4.1)
//password to gain access
$password = 'admin';

2/Download DB:
127.0.0.1/phpliteadmin.php?view=export
Go To "Save As" then click "Export"

Sites that could be infected: 85/100

./3nD
########################################################################################

Like us on Facebook :