CVE-2009-1151 PoC — phpMyAdmin setup.php脚本PHP代码注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2009/CVE-2009-1151.yaml

Associated Vulnerability

Title:phpMyAdmin setup.php脚本PHP代码注入漏洞 (CVE-2009-1151)
Description:phpMyAdmin是用PHP编写的工具，用于通过WEB管理MySQL。 phpMyAdmin的Setup脚本用于生成配置。如果远程攻击者向该脚本提交了特制的POST请求的话，就可能在生成的config.inc.php配置文件中包含任意PHP代码。由于配置文件被保存到了服务器上，未经认证的远程攻击者可以利用这个漏洞执行任意PHP代码。

Description

PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.

File Snapshot


 id: CVE-2009-1151

info:
  name: PhpMyAdmin Scripts - Remote Code Execution
  author: princechaddha


...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!