Press CTRL-D to bookmark us
Welcome Guest Login / Register / Members
Search in  
Top Submit newsSubscribe
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
 

 Sponsored links

Want to become one of our authors and see your work published on ALLSeek.iNFO ?
 
 phpMyChat 'setup.php3' Access Permissions Lets Remote Users Execute Arbitrary SQL Commands
Categorie: Vulnerability
Posted: 2004-12-28 by ReCall
Views: 640
Source: Click here
 		Current Rating: Not rated
Poor Best
 Details
Description: A vulnerability was reported in phpMyChat in the file permisions on 'setup.php3'. A remote user can execute SQL commands to gain administrative access on the application.

sysbug from Flow Security Group posted an exploit indicating that a remote user can invoke 'setup.php3' to execute arbitrary SQL commands. A remote user can, for example, add an administrative user to the target application.

A demonstration exploit is available at:

http://www.milw0rm.com/id.php?id=703

Impact: A remote user can execute arbitrary SQL commands on the target application.

Solution: No solution was available at the time of this entry.
 
Syndication
Permalink Email this

The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=1256

User comments (post your comments here)

Only registerd members can post comments and articles
 
Previous articleBack to news listNext article
 


InterJOB.su
Bookmark us | Set As Homepage | Advertising | Contact Us | Recomend us | Link us | Links | Terms

SpyLOG Page Rank Checker
LAST QUERIES