Someone else submitted a working python exploit to exploit-db. It's already out there so I might as well publish my original exploit written in PHP.
2011-07-20 - Fixed some bugs in the exploit.
Download here
Saturday, July 9, 2011
Subscribe to:
Post Comments (Atom)
Perfect! Congratz!
ReplyDeletehey nyc bro i want to learn how to find vulnerabilities in phpmyadmin i know sql injection but tht has nothing to do with this thing can u please guide me wht things to check in phpmyadmin to see if it has a hole or not
ReplyDeleteHello I downloaded this exploit but i cant find the place where i should writ url can anybody help me
ReplyDelete@Grish
ReplyDeleteUhm, what have you tried so far?
I tried to use thie exploit but dont now wehre i will write the Victims address can you help me
ReplyDeleteI put php file into local server (denwer) then opend it in browser but i recive the folowing
[!] Fatal error. Need cURL! [*] Exiting...
(Sorry for mistakes English isn't my native language;)
@Grish
ReplyDeleteYour server does not have cURL.
PHP Notice: Undefined offset: 1 in C:\xampp\php\tttt.php on line 92
ReplyDelete// Extract cookie
preg_match('/phpMyAdmin=([^;]+)/', $result, $matches);
$cookie = $matches[1];
output("[i] Cookie:".$cookie);
// Extract token
preg_match('/(token=|token" value=")([0-9a-f]{32})/', $result, $matches);
$token = $matches[2];
output("[i] Token:".$token);
http://HOST/setup/index.php always is bloqued by a login (htaccess style)?
ReplyDeleteThis type of message always inspiring and I prefer to read quality content, so happy to find good place to many here in the post, the writing is just great, thanks for the post. Hypnoterapi
ReplyDeleteHello I downloaded this exploit but i cant find the place where i should writ url can anybody help meRabattkoder Cdon
ReplyDelete