AOH :: HP Unsorted R :: VA1762.HTM

Remote access vulnerability using BigDump ver. 0.29b



Remote access vulnerability using BigDump ver. 0.29b
Remote access vulnerability using BigDump ver. 0.29b



===========================================================!vuln
BigDump ver. 0.29b
Previous versions may also be affected.
===========================================================
===========================================================!risk
Medium
There are currently many websites circulating with BigDump
enabled.
===========================================================
===========================================================!dork
Dork: intitle:"BigDump ver. 0.29b"
===========================================================
===========================================================!discussion
A user is able to successfully upload files onto a server by
uploading a php shell such as c99.php, by renaming it 
c99.php.sql
===========================================================
===========================================================!solution
Do not use BigDump or put non-root/guest permissions on the
folder containing BigDump. The vendor has not yet been 
notified.
===========================================================
===========================================================!greetz
Greetz go out to the people who know me.
===========================================================
===========================================================!author
Xia Shing Zee
===========================================================

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.