关联漏洞
标题:phpMyAdmin 安全漏洞 (CVE-2018-12613)Description:phpMyAdmin是phpMyAdmin团队开发的一套免费的、基于Web的MySQL数据库管理工具。该工具能够创建和删除数据库,创建、删除、修改数据库表,执行SQL脚本命令等。 phpMyAdmin 4.8.2之前的4.8.x版本中存在安全漏洞。攻击者可利用该漏洞包含(查看并可能执行)服务器上的文件。
Description
PHPMyAdmin v4.8.0 and v.4.8.1 LFI exploit
介绍
# CVE-2018-12613
Local file inclusion bug due to filter bypass using %253f character.
# Software Affected
1. PHPMyAdmin v.4.8.0
2. PHPMyAdmin v.4.8.1
# How to use
This PowerShell scripts need three parameters to craft a exploit HTTP request:
1. PHPMyAdmin URL endpoint
2. Cookies for an authenticated user
3. A full path file to be retrieved in remote server
# Example
Prepare all the parameters to use the script:
Then, after you run it:
# Remote Code Execution
This could lead to remote code execution if you query a SELECT SQL containing PHP code. Then you can include your session file in /var/lib/php/sessions/SESSION_ID_HERE file to execute arbitrary PHP code.
I haven't coded a Code execution PoC. But you can do it manually and trigger it with this code.
Code author: @_zc00l
文件快照
[4.0K] /data/pocs/7a03466614fe2cc83d4a3df005870488205ea1a9
├── [ 95K] example-2.JPG
├── [ 54K] example.JPG
├── [ 18K] LICENSE
├── [2.4K] PHPMyAdmin-LFI.ps1
└── [ 863] README.md
0 directories, 5 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。