Merge pull request #2900 from CristiVlad25/misconfiguration

Added PhpMyAdmin Server Import Misconfiguration Template
patch-1
Sandeep Singh 2021-10-16 01:17:34 +05:30 committed by GitHub
commit b0d877499a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 35 additions and 0 deletions

View File

@ -0,0 +1,35 @@
id: pma-server-import
info:
name: PhpMyAdmin Server Import
author: Cristi vlad (@cristivlad25)
severity: high
description: Finds Unauthenticated PhpMyAdmin Server Import Pages.
tags: phpmyadmin,misconfig
requests:
- method: GET
path:
- "{{BaseURL}}/pma/server_import.php"
- "{{BaseURL}}/phpmyadmin/server_import.php"
- "{{BaseURL}}/phpMyAdmin 2/server_import.php"
- "{{BaseURL}}/db/server_import.php"
- "{{BaseURL}}/server_import.php"
- "{{BaseURL}}/PMA/server_import.php"
- "{{BaseURL}}/admin/server_import.php"
- "{{BaseURL}}/admin/pma/server_import.php"
- "{{BaseURL}}/phpMyAdmin/server_import.php"
- "{{BaseURL}}/admin/phpMyAdmin/server_import.php"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
condition: and
words:
- "File to import"
- "Location of the text file"
- type: status
status:
- 200