CVE-2011-4107 PoC — phpMyadmin XML实体引用信息泄露漏洞

Source

https://github.com/SECFORCE/CVE-2011-4107

Associated Vulnerability

Title:phpMyadmin XML实体引用信息泄露漏洞 (CVE-2011-4107)
Description:phpMyAdmin是phpMyAdmin团队开发的一套免费的、基于Web的MySQL数据库管理工具。该工具能够创建和删除数据库，创建、删除、修改数据库表，执行SQL脚本命令等。 phpMyAdmin的libraries/import/xml.php在处理XML数据时存在错误，可被利用泄露某些本地文件，并通过发送包含外部实体引用的特制XML数据在本地网络上执行某些操作。

Description

phpMyAdmin 3.3.X and 3.4.X - Local File Inclusion

File Snapshot


 [4.0K]  /data/pocs/ae64d1fc60ba4732548372a96feae4e3dc842d9c
└── [7.9K]  phpmyadmin_lfi.rb

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!