( ~~~ )
  ))^ ^((
 ((* - *))
   _) (_
 / '--' \     ^
//(_  _)\\   /_\
\\ )__( //   .'
 (( v  ))   (
   \| /\     '-.
    K(  \       )
    |\\  '-._.-'
    ||\\
  *_-P/,P
     '-
Want your PHP application manually audited? Check out Xxor AB's PHP Security Auditing Service

Saturday, July 9, 2011

phpMyAdmin 3.x Swekey RCI Exploit

Someone else submitted a working python exploit to exploit-db. It's already out there so I might as well publish my original exploit written in PHP.
2011-07-20 - Fixed some bugs in the exploit.

Download here
Upplagd av Mango kl. 2:01 AM
Etiketter: , ,

11 comments:

  1. CrashJuly 12, 2011 at 6:02 PM

    Perfect! Congratz!

    ReplyDelete
  2. AnonymousJuly 25, 2011 at 10:14 AM

    hey nyc bro i want to learn how to find vulnerabilities in phpmyadmin i know sql injection but tht has nothing to do with this thing can u please guide me wht things to check in phpmyadmin to see if it has a hole or not

    ReplyDelete
  3. GrishAugust 13, 2011 at 11:18 PM

    Hello I downloaded this exploit but i cant find the place where i should writ url can anybody help me

    ReplyDelete
  4. MangoAugust 14, 2011 at 11:41 AM

    @Grish
    Uhm, what have you tried so far?

    ReplyDelete
  5. GrishAugust 14, 2011 at 6:53 PM

    I tried to use thie exploit but dont now wehre i will write the Victims address can you help me
    I put php file into local server (denwer) then opend it in browser but i recive the folowing
    [!] Fatal error. Need cURL! [*] Exiting...
    (Sorry for mistakes English isn't my native language;)

    ReplyDelete
  6. MangoAugust 16, 2011 at 11:40 AM

    @Grish
    Your server does not have cURL.

    ReplyDelete
  7. AnonymousSeptember 13, 2011 at 10:20 AM

    PHP Notice: Undefined offset: 1 in C:\xampp\php\tttt.php on line 92



    // Extract cookie
    preg_match('/phpMyAdmin=([^;]+)/', $result, $matches);
    $cookie = $matches[1];
    output("[i] Cookie:".$cookie);
    // Extract token
    preg_match('/(token=|token" value=")([0-9a-f]{32})/', $result, $matches);
    $token = $matches[2];
    output("[i] Token:".$token);

    ReplyDelete
  8. AnonymousSeptember 29, 2011 at 6:05 PM

    http://HOST/setup/index.php always is bloqued by a login (htaccess style)?

    ReplyDelete
  9. jowdjbrownMay 3, 2015 at 8:10 AM

    This type of message always inspiring and I prefer to read quality content, so happy to find good place to many here in the post, the writing is just great, thanks for the post. Hypnoterapi

    ReplyDelete
  10. Richard C. LambertDecember 9, 2015 at 10:09 AM

    Hello I downloaded this exploit but i cant find the place where i should writ url can anybody help meRabattkoder Cdon

    ReplyDelete

Subscribe to: Post Comments (Atom)