Cheater, posted June 16, 2009:

Today, while taking a look at milw0rm, I came across an interesting, relatively fresh (4th June 2009) vulnerability: a phpMyAdmin PHP injection, to be precise.

Exploit: http://www.milw0rm.com/exploits/8921

Info:

    # CVE-2009-1151: phpMyAdmin '/scripts/setup.php' PHP Code Injection RCE PoC v0.11
    # by pagvac (gnucitizen.org), 4th June 2009.
    # special thanks to Greg Ose (labs.neohapsis.com) for discovering such a cool vuln,
    # and to str0ke (milw0rm.com) for testing this PoC script and providing feedback!
    # PoC script successfully tested on the following targets:
    # phpMyAdmin 2.11.4, 2.11.9.3, 2.11.9.4, 3.0.0 and 3.0.1.1
    # Linux 2.6.24-24-generic i686 GNU/Linux (Ubuntu 8.04.2)
    # attack requirements:
    # 1) vulnerable version (obviously!): 2.11.x before 2.11.9.5
    # and 3.x before 3.1.3.1 according to PMASA-2009-3
    # 2) it *seems* this vuln can only be exploited against environments
    # where the administrator has chosen to install phpMyAdmin following
    # the *wizard* method, rather than manual method: http://snipurl.com/jhjxx
    # 3) administrator must have NOT deleted the '/config/' directory
    # within the '/phpMyAdmin/' directory. this is because this directory is
    # where '/scripts/setup.php' tries to create 'config.inc.php' which is where
    # our evil PHP code is injected 8)
    # more info on:
    # http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
    # http://labs.neohapsis.com/2009/04/06/about-cve-2009-1151/

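Added example, not part of the original post or of the PoC it quotes: a local, defender-side check of the three attack requirements listed above (affected version, setup script still deployed, leftover `config/` directory). The function names, the constructed sample tree and passing the version in as an argument are assumptions of this example.

```python
import re
import tempfile
from pathlib import Path

# Affected ranges as stated in the post (PMASA-2009-3): 2.11.x < 2.11.9.5, 3.x < 3.1.3.1
FIXED_2_11, FIXED_3 = (2, 11, 9, 5), (3, 1, 3, 1)

def parse_version(text):
    # Turn '2.11.9.4' or '3.1.3-rc1' into a tuple of its leading numeric parts.
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not match:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))

def is_affected(version):
    v = parse_version(version)
    if v[:2] == (2, 11):
        return v < FIXED_2_11
    if v[0] == 3:
        return v < FIXED_3
    return False  # only the ranges named in the post are encoded here

def audit_install(root, version):
    # Inspect one phpMyAdmin directory on the local filesystem (hypothetical helper).
    root, findings = Path(root), []
    if is_affected(version):
        findings.append(f"version {version} is in the affected range")
    if (root / "scripts" / "setup.php").is_file():
        findings.append("scripts/setup.php is still deployed")
    if (root / "config").is_dir():
        findings.append("config/ directory was not deleted after setup")
        if (root / "config" / "config.inc.php").is_file():
            findings.append("config/config.inc.php exists: review its contents")
    return findings

def demo():
    # Constructed sample tree standing in for a wizard-installed copy.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "phpMyAdmin"
        (root / "scripts").mkdir(parents=True)
        (root / "scripts" / "setup.php").write_text("<?php // placeholder\n")
        (root / "config").mkdir()
        return audit_install(root, "3.0.1.1")

if __name__ == "__main__":
    for finding in demo():
        print("-", finding)
```

Any finding beyond the version line means the install still matches requirement 2 or 3 from the post; upgrading and removing `config/` and the setup script clears them.
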
napoletanii, posted July 29, 2009:

I made a small scanner with this exploit and the result was very 'unexpected', so to speak:

http://193.204.5.73//phpMyAdmin/config/config.inc.php?c=id;w
http://193.204.68.96//phpMyAdmin/config/config.inc.php?c=id;w
http://193.204.77.89//phpMyAdmin/config/config.inc.php?c=id;w
etc.

for those in the 'business'

Fitty, posted July 30, 2009:

too late darling... already found... God, we're pathetic, man, paxica ))) we're exploiting what has already been exploited

napoletanii, posted August 1, 2009:

play on, there's nothing pathetic about it; they were just some junk servers anyway

eXcEssz0r, posted August 2, 2009:

> I made a small scanner with this exploit and the result was very 'unexpected', so to speak:
> http://193.204.5.73//phpMyAdmin/config/config.inc.php?c=id;w
> http://193.204.68.96//phpMyAdmin/config/config.inc.php?c=id;w
> http://193.204.77.89//phpMyAdmin/config/config.inc.php?c=id;w
> etc.
> for those in the 'business'

Can you PM me that scanner too?

ocb, posted August 22, 2009:

me too, me too

eugen9f, posted August 25, 2009:

me too pls

Oust, posted August 26, 2009:

just post it here so everyone can have it

gekystop, posted September 2, 2009:

is anyone going to post the scanner here?

napoletanii, posted September 4, 2009:

cut out this charade, I deleted it long ago; if you had a minimum of knowledge you'd make it easily, you can find everything on Google

codehunter, posted September 30, 2010:

does anyone have the scanner for sale? or something newer?

Zatarra, posted September 30, 2010:

Bro, stop reopening old topics; you should get a warn and the topic a lock. BTW: why pay when you can find them on the net for free.

EDIT for begood's post below:

    print "Hai cu mata ca o sa ai un server\n\n";
    Viens avec une natte que vous avez un serveur
    print "[*] Ma pis pa el root\n";
    Pa lui pisse root
    print "[*] Sloboz...\n";
    Sloboz?
    print "[*] Hopa tinere\n";
    Attention les jeunes
    print "[*] Si hai cu mata!rupel\n\n";
    Et je pars avec vous! Rupel
    print "[semnat] mozi\n\n";
    [signé] Mozi

I'm dying of laughter

Cheater (author), posted October 1, 2010:

search for phpmyadmin on Exploits Database by Offensive Security and you'll find it.

begood, posted October 1, 2010:

Psssst! ~ Forum québécois branché ~ Québec ~ Montréal )))

bresti2, posted November 23, 2010:

milw0rm is dead.

Rumy, posted October 27, 2011:

I know this mozi, he's really good with PHP

sTrEs, posted October 28, 2011:

so you just woke up to comment on a post from last year, nice one Rumy..