CVE-2018-12613 PoC — phpMyAdmin 安全漏洞

Source

https://github.com/0x00-0x00/CVE-2018-12613

Associated Vulnerability

Title:phpMyAdmin 安全漏洞 (CVE-2018-12613)
Description:phpMyAdmin是phpMyAdmin团队开发的一套免费的、基于Web的MySQL数据库管理工具。该工具能够创建和删除数据库，创建、删除、修改数据库表，执行SQL脚本命令等。 phpMyAdmin 4.8.2之前的4.8.x版本中存在安全漏洞。攻击者可利用该漏洞包含（查看并可能执行）服务器上的文件。

Description

PHPMyAdmin v4.8.0 and v.4.8.1 LFI exploit

Readme

# CVE-2018-12613
Local file inclusion bug due to filter bypass using %253f character.

# Software Affected
1. PHPMyAdmin v.4.8.0
2. PHPMyAdmin v.4.8.1

# How to use
This PowerShell scripts need three parameters to craft a exploit HTTP request:

    1. PHPMyAdmin URL endpoint
    2. Cookies for an authenticated user
    3. A full path file to be retrieved in remote server

# Example

Prepare all the parameters to use the script:

![Screenshot](example.JPG)

Then, after you run it:

![Screenshot](example-2.JPG)

# Remote Code Execution

This could lead to remote code execution if you query a SELECT SQL containing PHP code. Then you can include your session file in /var/lib/php/sessions/SESSION_ID_HERE file to execute arbitrary PHP code.

I haven't coded a Code execution PoC. But you can do it manually and trigger it with this code.

Code author: @_zc00l

File Snapshot


 [4.0K]  /data/pocs/7a03466614fe2cc83d4a3df005870488205ea1a9
├── [ 95K]  example-2.JPG
├── [ 54K]  example.JPG
├── [ 18K]  LICENSE
├── [2.4K]  PHPMyAdmin-LFI.ps1
└── [ 863]  README.md

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!