( ~~~ )
  ))^ ^((
 ((* - *))
   _) (_
 / '--' \     ^
//(_  _)\\   /_\
\\ )__( //   .'
 (( v  ))   (
   \| /\     '-.
    K(  \       )
    |\\  '-._.-'
    ||\\
  *_-P/,P
     '-
Want your PHP application manually audited? Check out Xxor AB's PHP Security Auditing Service

Saturday, July 9, 2011

phpMyAdmin 3.x Swekey RCI Exploit

Someone else submitted a working python exploit to exploit-db. It's already out there so I might as well publish my original exploit written in PHP.
2011-07-20 - Fixed some bugs in the exploit.

Download here
Upplagd av Mango kl. 2:01 AM
Etiketter: , ,

28 comments:

  1. CrashJuly 12, 2011 at 6:02 PM

    Perfect! Congratz!

    ReplyDelete
  2. AnonymousJuly 25, 2011 at 10:14 AM

    hey nyc bro i want to learn how to find vulnerabilities in phpmyadmin i know sql injection but tht has nothing to do with this thing can u please guide me wht things to check in phpmyadmin to see if it has a hole or not

    ReplyDelete
  3. GrishAugust 13, 2011 at 11:18 PM

    Hello I downloaded this exploit but i cant find the place where i should writ url can anybody help me

    ReplyDelete
  4. MangoAugust 14, 2011 at 11:41 AM

    @Grish
    Uhm, what have you tried so far?

    ReplyDelete
  5. GrishAugust 14, 2011 at 6:53 PM

    I tried to use thie exploit but dont now wehre i will write the Victims address can you help me
    I put php file into local server (denwer) then opend it in browser but i recive the folowing
    [!] Fatal error. Need cURL! [*] Exiting...
    (Sorry for mistakes English isn't my native language;)

    ReplyDelete
  6. MangoAugust 16, 2011 at 11:40 AM

    @Grish
    Your server does not have cURL.

    ReplyDelete
  7. AnonymousSeptember 13, 2011 at 10:20 AM

    PHP Notice: Undefined offset: 1 in C:\xampp\php\tttt.php on line 92



    // Extract cookie
    preg_match('/phpMyAdmin=([^;]+)/', $result, $matches);
    $cookie = $matches[1];
    output("[i] Cookie:".$cookie);
    // Extract token
    preg_match('/(token=|token" value=")([0-9a-f]{32})/', $result, $matches);
    $token = $matches[2];
    output("[i] Token:".$token);

    ReplyDelete
  8. AnonymousSeptember 29, 2011 at 6:05 PM

    http://HOST/setup/index.php always is bloqued by a login (htaccess style)?

    ReplyDelete
  9. Richard C. LambertDecember 9, 2015 at 10:09 AM

    Hello I downloaded this exploit but i cant find the place where i should writ url can anybody help meRabattkoder Cdon

    ReplyDelete
  10. vivikhapnoiNovember 19, 2020 at 11:20 AM

    The article was up to the point and described the information very effectively.

    vé máy bay hà nội đi nhật bản

    đặt vé máy bay đi đài loan

    giá vé máy bay đi taipei

    vé máy bay từ hà nội đi cao hùng

    ReplyDelete
  11. jacksoNovember 28, 2020 at 4:08 PM

    Are you also searching for spanish nursing writing services we are the best solution for you. We are best known for delivering the best services to students.  

    ReplyDelete
  12. ve may bay tetJanuary 28, 2021 at 11:14 AM

    Đặt vé tại Aivivu, tham khảo

    giá vé máy bay đi Mỹ khứ hồi

    vietnam airlines quốc tế

    đăng ký bay từ canada về Việt Nam

    Máy bay từ Hàn Quốc về Việt Nam

    ReplyDelete
  13. Call girls in mahipalpurMarch 31, 2021 at 12:37 PM

    Call Girl in Delhi is basically becoming extremely popular in India day by day. But there are numerous problems related to this profession that you simply are really likely to explore beforehand before you really avail any of escort services. Rather most of them are able to cheat and deceive you in how or other. this is often the rationale it's always important for you discover an honest and reliable escort service. Delhi Escorts is understood to be the simplest choice for you any day. you're given the simplest escort service once you plan to choose these amazing Escort service in Delhi. All of the policies and ethics of those call girls are completely customers oriented. The Independent Delhi Escorts understand on how important it's to satisfy your physical and mental needs. Hence, they always look out of your needs with utmost care.

    ReplyDelete
  14. singapore assignment helpApril 10, 2021 at 9:34 AM

    I like the helpful information you provide in your articles. I’ll bookmark your blog and check again here regularly. write my essay

    ReplyDelete
  15. sriDecember 30, 2021 at 7:54 AM

    Excellent content ,Thanks for sharing this .,
    Leanpitch provides online training in CSPO, everyone can use it wisely.

    CSPO certification
    CSPO TRAINING

    ReplyDelete
  16. sriJanuary 7, 2022 at 7:11 AM

    Excellent content ,Thanks for sharing this .,


    CSPO certification
    CSPO TRAINING

    ReplyDelete
  17. sriJanuary 7, 2022 at 7:11 AM

    Excellent content ,Thanks for sharing this .,


    certified scrum master certification
    agile scrum master certification

    ReplyDelete
  18. sriJanuary 7, 2022 at 7:12 AM

    Excellent content ,Thanks for sharing this .,
    ICP ACC certification
    Certified Agile coach

    ReplyDelete
  19. AnonymousJanuary 24, 2022 at 7:42 PM

    bons casino - Get up to 100% bonus up to $100
    bons casino bk8 ➤ Play ボンズ カジノ at Borgata online casino and play クイーンカジノ casino games ➤ Join today! ☝ SIGN IN!

    ReplyDelete
  20. FrankJanuary 31, 2022 at 5:10 PM

    Another person presented a functioning python exploit to take advantage of db. Buy Custom Essay Online It's as of now out there so should distribute unique endeavor written in PHP.

    ReplyDelete
  21. Majortotosite ComMarch 30, 2022 at 6:14 AM

    I love reading through and I believe this website got some genuinely 토토

    ReplyDelete
  22. Racesite ProMarch 30, 2022 at 6:15 AM

    This is a really very informative article, there is no doubt about it. Thanks for sharing this article with us. This is very nice of you. 온라인경마

    ReplyDelete
  23. Totopick ProMarch 30, 2022 at 6:19 AM

    Very helpful information specifically the final phase. I handle such info a lot. I used to be seeking this certain info for a long time. 토토사이트

    ReplyDelete
  24. jackyApril 12, 2023 at 8:57 AM

    This post is a valuable resource for industry professionals as the information provided is highly relevant and current. investing in a gold IRA

    ReplyDelete
  25. PreslinApril 18, 2023 at 3:31 PM

    Nice to read php based articles. Thanks for sharing this beautiful informative article. Keep sharing more blogs. DUI Lawyer Suffolk VA

    ReplyDelete
  26. Thomas smithMay 4, 2023 at 3:39 PM

    PayPal alternatives security is a crucial aspect to consider when choosing a payment gateway for your business. While PayPal has robust security measures in place, other payment gateways have their own unique security features.

    ReplyDelete
  27. Shaun JamesJuly 10, 2023 at 10:38 AM

    This is very valuable post. This is very useful for me. I learned a lot of from this article. Thanks for sharing this article with us. Now its time to avail Sign and Blind Services in Eastbourne for more information.

    ReplyDelete
  28. AnonymousSeptember 6, 2023 at 12:39 PM

    PrivateEyesPI.com offers certified ethical hackers for tailored cybersecurity solutions. Benefit from enhanced security, peace of mind, and transparent services. Trust us to protect your digital world with legal and ethical practices. Your online security is our priority.

    ReplyDelete

Subscribe to: Post Comments (Atom)