( ~~~ )
  ))^ ^((
 ((* - *))
   _) (_
 / '--' \     ^
//(_  _)\\   /_\
\\ )__( //   .'
 (( v  ))   (
   \| /\     '-.
    K(  \       )
    |\\  '-._.-'
    ||\\
  *_-P/,P
     '-
Want your PHP application manually audited? Check out Xxor AB's PHP Security Auditing Service

Saturday, July 9, 2011

phpMyAdmin 3.x Swekey RCI Exploit

Someone else submitted a working python exploit to exploit-db. It's already out there so I might as well publish my original exploit written in PHP.
2011-07-20 - Fixed some bugs in the exploit.

Download here

13 comments:

  1. hey nyc bro i want to learn how to find vulnerabilities in phpmyadmin i know sql injection but tht has nothing to do with this thing can u please guide me wht things to check in phpmyadmin to see if it has a hole or not

    ReplyDelete
  2. Hello I downloaded this exploit but i cant find the place where i should writ url can anybody help me

    ReplyDelete
  3. @Grish
    Uhm, what have you tried so far?

    ReplyDelete
  4. I tried to use thie exploit but dont now wehre i will write the Victims address can you help me
    I put php file into local server (denwer) then opend it in browser but i recive the folowing
    [!] Fatal error. Need cURL! [*] Exiting...
    (Sorry for mistakes English isn't my native language;)

    ReplyDelete
  5. @Grish
    Your server does not have cURL.

    ReplyDelete
  6. PHP Notice: Undefined offset: 1 in C:\xampp\php\tttt.php on line 92



    // Extract cookie
    preg_match('/phpMyAdmin=([^;]+)/', $result, $matches);
    $cookie = $matches[1];
    output("[i] Cookie:".$cookie);
    // Extract token
    preg_match('/(token=|token" value=")([0-9a-f]{32})/', $result, $matches);
    $token = $matches[2];
    output("[i] Token:".$token);

    ReplyDelete
  7. http://HOST/setup/index.php always is bloqued by a login (htaccess style)?

    ReplyDelete
  8. This type of message always inspiring and I prefer to read quality content, so happy to find good place to many here in the post, the writing is just great, thanks for the post. Hypnoterapi

    ReplyDelete
  9. Hello I downloaded this exploit but i cant find the place where i should writ url can anybody help meRabattkoder Cdon

    ReplyDelete
  10. Are you also searching for spanish nursing writing services we are the best solution for you. We are best known for delivering the best services to students.  

    ReplyDelete