TUCoPS :: HP Unsorted R :: va1762.htm

Remote access vulnerability using BigDump ver. 0.29b
Remote access vulnerability using BigDump ver. 0.29b
Remote access vulnerability using BigDump ver. 0.29b


===========================================================!vuln
BigDump ver. 0.29b
Previous versions may also be affected.
===========================================================
===========================================================!risk
Medium
There are currently many websites circulating with BigDump
enabled.
===========================================================
===========================================================!dork
Dork: intitle:"BigDump ver. 0.29b"
===========================================================
===========================================================!discussion
A user is able to successfully upload files onto a server by
uploading a php shell such as c99.php, by renaming it 
c99.php.sql
===========================================================
===========================================================!solution
Do not use BigDump or put non-root/guest permissions on the
folder containing BigDump. The vendor has not yet been 
notified.
===========================================================
===========================================================!greetz
Greetz go out to the people who know me.
===========================================================
===========================================================!author
Xia Shing Zee
===========================================================

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH