phpMyAdmin Remote Code Execution Proof of Concept-Web安全手册

分享本身就是件快乐的事我因别人得到帮助而感到幸福

phpMyAdmin Remote Code Execution Proof of Concept

2009年6月10日 8:54:34 发布:Trace

All the documentation you need is in the script comments. I recommend you to go through it, before you actually run the script.
After reading the public advisory and patched code, and playing around for a while, I managed to have a working PoC bash script. The script will allow you to remotely run shell commands and PHP code against vulnerable targets. Although in principle the vulnerability sounds quite simple, it actually took me a while to go from advisory to working attack code.
I’m providing the script with the hope that it will help pentesters and security researchers. Please only test the script against your own systems, or systems you have been given permission to pentest! Don’t be evil, it’s not worth it.

PoC: http://www.milw0rm.com/exploits/8921

More detail please visit http://www.gnucitizen.org/blog/cve-2009-1151-phpmyadmin-remote-code-execution-proof-of-concept/

Download: phpMyAdminRCE.sh

Tags: phpMyAdmin Remote Code Execution Proof of Concept PoC

相关文章:
Client side Http Parameter Pollution - Yahoo! Classic Mail Video Poc  (2009-5-22 8:29:47)
CVE-2009-1285: phpMyAdmin Code Injection  (2009-4-24 1:28:20)
Trend Micro Internet Security Pro 2009 Priviliege Escalation PoC  (2009-3-31 10:56:37)
Vulnerabilities & proofs-of-concept   (2009-1-19 21:46:59)
phpMyAdmin 3.1.0 (XSRF) SQL Injection Vulnerability  (2008-12-13 16:51:51)
Microsoft IE7 Exploit Allows Remote Code Execution on XP & Vista   (2008-12-12 17:13:51)
世界之窗(The World)浏览器地址栏欺骗漏洞POC  (2008-11-17 11:45:45)
MS Windows Server Service Code Execution PoC (MS08-067)  (2008-10-24 14:9:15)
Token Kidnapping Windows 2008 PoC exploit  (2008-10-21 12:12:50)
MS Windows GDI+ Proof of Concept (MS08-052) #2  (2008-10-10 7:14:44)

3.xhming
黑哥那也说了默认是利用不了的!
Tr4c3 于 2009-6-13 16:24:07 回复
其实http://www.milw0rm.com/exploits/8921里面也说了，有些人就不看说明，拿起就打。

# attack requirements:
# 1) vulnerable version (obviously!): 2.11.x before 2.11.9.5
# and 3.x before 3.1.3.1 according to PMASA-2009-3
# 2) it *seems* this vuln can only be exploited against environments
# where the administrator has chosen to install phpMyAdmin following
# the *wizard* method, rather than manual method: http://snipurl.com/jhjxx
# 3) administrator must have NOT deleted the '/config/' directory
# within the '/phpMyAdmin/' directory. this is because this directory is
# where '/scripts/setup.php' tries to create 'config.inc.php' which is where
# our evil PHP code is injected 8)
2009-6-11 21:06:30 回复该留言

2.blackmask
我测试了几十个，没有一个成功，看来也是一个鸡胁！
2009-6-11 20:47:29 回复该留言

1.blackmask
呵呵，我测试一下，一会提交结果！
2009-6-11 19:55:04 回复该留言

发表评论:

◎欢迎参与讨论，请在这里发表您的看法、交流您的观点。

导航

分享本身就是件快乐的事我因别人得到帮助而感到幸福

phpMyAdmin Remote Code Execution Proof of Concept

2009年6月10日 8:54:34 发布:Trace

Tags: phpMyAdmin Remote Code Execution Proof of Concept PoC

固定链接 | 分类:Web apps | 评论:3 | 引用:0 | 浏览:

Powered By Z-Blog .Theme from Google黑板报 By Washun

Copyright 2008-2009 Pcsec.org. Some Rights Reserved.苏ICP备08110306号

Search

网站分类

文章归档

最新评论及回复

最近发表

导航

分享本身就是件快乐的事 我因别人得到帮助而感到幸福

phpMyAdmin Remote Code Execution Proof of Concept

2009年6月10日 8:54:34 发布:Trace

Tags: phpMyAdmin Remote Code Execution Proof of Concept PoC

固定链接 | 分类:Web apps | 评论:3 | 引用:0 | 浏览: strBatchCount+="spn408=408,"

Powered By Z-Blog .Theme from Google黑板报 By Washun

Search

网站分类

文章归档

最新评论及回复

最近发表

分享本身就是件快乐的事我因别人得到帮助而感到幸福

固定链接 | 分类:Web apps | 评论:3 | 引用:0 | 浏览: