Cheater

phpMyAdmin PHP Code Injection RCE PoC v0.11


Today, while taking a look at milw0rm, I came across an interesting, relatively fresh (4th June 2009) vulnerability: phpMyAdmin PHP injection, to be precise.

Exploit:

http://www.milw0rm.com/exploits/8921

Info:

# CVE-2009-1151: phpMyAdmin '/scripts/setup.php' PHP Code Injection RCE PoC v0.11

# by pagvac (gnucitizen.org), 4th June 2009.

# special thanks to Greg Ose (labs.neohapsis.com) for discovering such a cool vuln,

# and to str0ke (milw0rm.com) for testing this PoC script and providing feedback!

# PoC script successfully tested on the following targets:

# phpMyAdmin 2.11.4, 2.11.9.3, 2.11.9.4, 3.0.0 and 3.0.1.1

# Linux 2.6.24-24-generic i686 GNU/Linux (Ubuntu 8.04.2)

# attack requirements:

# 1) vulnerable version (obviously!): 2.11.x before 2.11.9.5

# and 3.x before 3.1.3.1 according to PMASA-2009-3

# 2) it *seems* this vuln can only be exploited against environments

# where the administrator has chosen to install phpMyAdmin following

# the *wizard* method, rather than manual method: http://snipurl.com/jhjxx

# 3) administrator must have NOT deleted the '/config/' directory

# within the '/phpMyAdmin/' directory. this is because this directory is

# where '/scripts/setup.php' tries to create 'config.inc.php' which is where

# our evil PHP code is injected 8)

# more info on:

# http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php

# http://labs.neohapsis.com/2009/04/06/about-cve-2009-1151/

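A defender-side check of the preconditions listed in the post above, as an added example that is not part of the original post or the PoC: given a phpMyAdmin install path and its version string, it reports whether the version falls in the ranges the post names and whether `scripts/setup.php` and the `config/` directory are still present. The function names and the constructed demo tree are assumptions; the wizard-versus-manual install condition cannot be read from the filesystem and is not checked.

```python
import os
import re
import tempfile

# First fixed releases, as stated in the post (per PMASA-2009-3).
FIXED = {2: (2, 11, 9, 5), 3: (3, 1, 3, 1)}

def parse_version(text):
    """Turn a dotted version such as '2.11.9.4' into a tuple of ints."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError("not a version string: %r" % text)
    return tuple(int(p) for p in m.group(0).split("."))

def version_affected(text):
    """True for 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1."""
    v = parse_version(text)
    if v[:2] == (2, 11):
        return v < FIXED[2]
    if v[0] == 3:
        return v < FIXED[3]
    return False  # outside the ranges the post names

def audit_install(root, version):
    """Report which of the post's preconditions hold for one install tree."""
    config_dir = os.path.join(root, "config")
    setup_php = os.path.join(root, "scripts", "setup.php")
    found = {
        "affected_version": version_affected(version),
        "setup_script_present": os.path.isfile(setup_php),
        "config_dir_present": os.path.isdir(config_dir),
        # Writable for the user running this audit, which may differ
        # from the account the web server runs as.
        "config_dir_writable": os.path.isdir(config_dir)
        and os.access(config_dir, os.W_OK),
    }
    found["exposed"] = (found["affected_version"]
                        and found["setup_script_present"]
                        and found["config_dir_present"])
    return found

if __name__ == "__main__":
    # Constructed demo tree standing in for a real install directory.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "scripts"))
        os.makedirs(os.path.join(root, "config"))
        open(os.path.join(root, "scripts", "setup.php"), "w").close()
        for ver in ("3.0.1.1", "3.1.3.1"):
            print(ver, audit_install(root, ver))
```

An install reported as `exposed` is addressed by upgrading to a fixed release and deleting the leftover `config/` directory, the two conditions the post names.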

Bro, stop reopening old topics; you should get a warn and a lock on the topic :|

BTW: Why pay when you can find them on the net for free?

EDIT for begood's post below:

print "Hai cu mata ca o sa ai un server\n\n";

Viens avec une natte que vous avez un serveur

print "[*] Ma pis pa el root\n";

Pa lui pisse root

print "[*] Sloboz...\n";

Sloboz?

print "[*] Hopa tinere\n";

Attention les jeunes

print "[*] Si hai cu mata!rupel\n\n";

Et je pars avec vous! Rupel

print "[semnat] mozi\n\n";

[signé] Mozi

I'm dying of laughter =))
