phpMyAdmin PHP Code Injection RCE PoC v0.11

[Cheater]

Astazi aruncand o privire pe milw0rm, am dat peste o vulnerabilitate interesanta, relativ fresh (4th June 2009), phpMyAdmin php injection, mai precis.

Explit:

http://www.milw0rm.com/exploits/8921

Info:

# CVE-2009-1151: phpMyAdmin '/scripts/setup.php' PHP Code Injection RCE PoC v0.11

# by pagvac (gnucitizen.org), 4th June 2009.

# special thanks to Greg Ose (labs.neohapsis.com) for discovering such a cool vuln,

# and to str0ke (milw0rm.com) for testing this PoC script and providing feedback!

# PoC script successfully tested on the following targets:

# phpMyAdmin 2.11.4, 2.11.9.3, 2.11.9.4, 3.0.0 and 3.0.1.1

# Linux 2.6.24-24-generic i686 GNU/Linux (Ubuntu 8.04.2)

# attack requirements:

# 1) vulnerable version (obviously!): 2.11.x before 2.11.9.5

# and 3.x before 3.1.3.1 according to PMASA-2009-3

# 2) it *seems* this vuln can only be exploited against environments

# where the administrator has chosen to install phpMyAdmin following

# the *wizard* method, rather than manual method: http://snipurl.com/jhjxx

# 3) administrator must have NOT deleted the '/config/' directory

# within the '/phpMyAdmin/' directory. this is because this directory is

# where '/scripts/setup.php' tries to create 'config.inc.php' which is where

# our evil PHP code is injected 8)

# more info on:

# http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php

# http://labs.neohapsis.com/2009/04/06/about-cve-2009-1151/

[napoletanii]

am facut un mic scanner cu expl'u asta si rezultatul a fost foarte 'neasteptat' sa zic asa

http://193.204.5.73//phpMyAdmin/config/config.inc.php?c=id;w

http://193.204.68.96//phpMyAdmin/config/config.inc.php?c=id;w

http://193.204.77.89//phpMyAdmin/config/config.inc.php?c=id;w

etc

pentru cei in 'bransa'

[Fitty]

too late darling...already found...doamne penibili suntem ba paxica )))

exploatam ce deja s-a exploatat

[napoletanii]

play on nu e nimic penibil in asta , oricum erau niste tampenii de servare

[eXcEssz0r]

am facut un mic scanner cu expl'u asta si rezultatul a fost foarte 'neasteptat' sa zic asa

http://193.204.5.73//phpMyAdmin/config/config.inc.php?c=id;w

http://193.204.68.96//phpMyAdmin/config/config.inc.php?c=id;w

http://193.204.77.89//phpMyAdmin/config/config.inc.php?c=id;w

etc

pentru cei in 'bransa'

Îmi dai ?i mie PM cu scannerul ?la ?

[ocb]

si mie si mie

[eugen9f]

si mie pls

[Oust]

da posteazal aici sa il aibe toata lumea

[gekystop]

pune careva scaneru aici?

[napoletanii]

terminati cu cacealmaua asta, l-am sters de mult

daca aveati un minim de cunostinte il faceati usor , gasiti tot pe google

[codehunter]

are cineva scanneru de vanzare? sau ceva mai nou?

[Zatarra]

Frate nu mai redeschide topicuri vechi ar trebui sa primesti un warn si un lock la topic

BTW: De ce sa platesti cand poti sa le gasesti pe net gratis.

EDIT pentru postul lui begood de mai jos:

print "Hai cu mata ca o sa ai un server\n\n";

Viens avec une natte que vous avez un serveur

print "[*] Ma pis pa el root\n";

Pa lui pisse root

print "[*] Sloboz...\n";

Sloboz?

print "[*] Hopa tinere\n";

Attention les jeunes

print "[*] Si hai cu mata!rupel\n\n";

Et je pars avec vous! Rupel

print "[semnat] mozi\n\n";

[signé] Mozi

Mor de ras

[Cheater]

cauta phpmyadmin pe Exploits Database by Offensive Security si il gasesti.

[begood]

Psssst! ~ Forum québécois branché ~ Québec ~ Montréal

)))

[bresti2]

milw0rm e mort.

[Rumy]

il stiu pe mozi asta le are rau de tot cu php`u

[sTrEs]

te-ai trezit si tu sa dai comment la un post de anu trecut bun asa Rumy..