CVE-2019-6799 PoC — phpMyAdmin 信息泄露漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-6799.yaml

Associated Vulnerability

Title:phpMyAdmin 信息泄露漏洞 (CVE-2019-6799)
Description:phpMyAdmin是Phpmyadmin团队的一套免费的、基于Web的MySQL数据库管理工具。该工具能够创建和删除数据库，创建、删除、修改数据库表，执行SQL脚本命令等。 phpMyAdmin 4.8.5之前版本中存在安全漏洞。当AllowArbitraryServer配置被设置成为‘true’时，攻击者可利用该漏洞读取服务器上的任意文件。

Description

phpMyAdmin before 4.8.5 is susceptible to local file inclusion. When the AllowArbitraryServer configuration setting is set to true, an attacker can read, with the use of a rogue MySQL server, any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of options(MYSQLI_OPT_LOCAL_INFIL calls.

File Snapshot


 id: CVE-2019-6799

info:
  name: phpMyAdmin <4.8.5 - Local File Inclusion
  author: pwnhxl
  severit

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!