Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20843
HistoryNov 10, 2008 - 12:00 a.m.

Remote access vulnerability using BigDump ver. 0.29b

2008-11-1000:00:00
vulners.com
24
JSON

============================================================
!vuln
BigDump ver. 0.29b
Previous versions may also be affected.

============================================================
!risk
Medium
There are currently many websites circulating with BigDump
enabled.

============================================================
!dork
Dork: intitle:"BigDump ver. 0.29b"

============================================================
!discussion
A user is able to successfully upload files onto a server by
uploading a php shell such as c99.php, by renaming it
c99.php.sql

============================================================
!solution
Do not use BigDump or put non-root/guest permissions on the
folder containing BigDump. The vendor has not yet been
notified.

============================================================
!greetz
Greetz go out to the people who know me.

============================================================
!author
Xia Shing Zee

JSON