Description: After i sent my exploit to exploit-db and 1337day,
I made you this demo to show how it works.
Links For The Exploit:
http://www.exploit-db.com/exploits/24320/
http://www.1337day.com/exploit/20226
Tools used:
HCON STF
My Exploit
Music:
Infected Mushroom With Mayumana - Converting Vegetarian (Live)
Exploit Description:
===============================================================
Exploit Title: SQLiteManager 0Day Remote PHP Code Injection Vulnerability
Google Dork: intitle:SQLiteManager inurl:sqlite/
Date: 23/01/2013
Exploit Author: RealGame
Vendor Homepage: http://www.Relagame.co.il
Software Link: http://sourceforge.net/projects/sqlitemanager/
Version: <=1.2.4
Tested on: Windows XP, Debian 2.6.32-46
CVE: N/A
===============================================================
Vulnerable Softwares:
Name: SQLiteManager
Official Site: http://www.sqlitemanager.org/
Name: Ampps
Official Site: http://www.ampps.com/
Name: VertrigoServ
Official Site: http://vertrigo.sourceforge.net/
===============================================================
About Software:
Official Site: http://www.sqlitemanager.org/
SQLiteManager is a database manager for SQLite databases. You can manage
any SQLite database created on any platform with SQLiteManager.
===============================================================
Easy Way To Fix:
Find: SQLiteStripSlashes($_POST['dbpath'])
Replace: str_replace('.', '', SQLiteStripSlashes($_POST['dbpath']))
On File: ./include/add_database.php
===============================================================
Tags: Demonstration , Hacking Pentesting , hack , hacker , ethical hacking , web secuirty , secuirty , Hacker (term) , White Hat (computer Security) , Hacker (computer Security) , Computer Security (Industry) , HCONSTF , HCON STF , SQLiteManager , Remote PHP Code Injection , Vulnerability , RCE ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.