CVE-2008-6660

BigDump 0.29b - Unauthenticated Arbitrary File Upload and Remote Code Execution via Executable Extension Bypass


Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6660. PoCs published by felipe andrian.

AI-analyzed exploit summary: This is a writeup describing an arbitrary file upload vulnerability in BigDump v0.35b. The exploit allows attackers to upload files and shells by tampering with the 'start' parameter in the bigdump.php file.

Description

Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov BigDump 0.29b allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a .sql extension, then accessing this file via a direct request. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED
by felipe andrian · text · webapps · php
https://www.exploit-db.com/exploits/32479

Classification: Writeup 80%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: BigDump v0.35b
No auth needed
Prerequisites: Access to the bigdump.php file on the target server
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32152
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46539
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/498093/100/0/threaded

Scores

EPSS: 0.0298
EPSS Percentile: 85.5%

Details

Status: published
Products (1): ozerov/bigdump 029b
Published: Apr 07, 2009
Tracked Since: Feb 18, 2026