Comments on: CVE-2009-1151: phpMyAdmin Remote Code Execution Proof of Concept

By: Backup de tus bases de datos con phpMyAdmin

Backup de tus bases de datos con phpMyAdmin — Wed, 30 Sep 2009 14:34:07 +0000

[...] enormemente si tienes instalado phpMyAdmin. Ten cuidado con la versión que tienes porque hay varios exploits que afectan a la misma, y si no tienes la última versión puede haber [...]

By: phpMyAdmin Remote Code Execution: how to mess with disaster

phpMyAdmin Remote Code Execution: how to mess with disaster — Wed, 16 Sep 2009 07:57:47 +0000

[...] For a full documentation about the exploit, please read this article. [...]

By: Corina Mandel

Corina Mandel — Wed, 16 Sep 2009 07:45:28 +0000

We got this tip (the link) from a another programmer. And in fact: our phpMyAdmin-version was outdated and vulnerable :(

By: [RESOLVED] [error] an unknown filter was not added: PHP

[RESOLVED] [error] an unknown filter was not added: PHP — Tue, 15 Sep 2009 12:30:12 +0000

[...] Last week one of our servers was deeply atacked by a hacker using a phpMyAdmin’s security bug (I’ll tell you more about it in a subsequent post, but you can read more HERE). [...]

By: Hahnefeld

Hahnefeld — Thu, 03 Sep 2009 17:56:42 +0000

I saw the security issue on ISPConfig – Community. Is it a problem with every phpMyAdmin-Version?

By: kecemplungkalen

kecemplungkalen — Fri, 12 Jun 2009 21:24:23 +0000

but nice pagvac :)

By: kecemplungkalen

kecemplungkalen — Fri, 12 Jun 2009 20:53:21 +0000

old bug but new tread :) good job PDP i was testing for all indonesian phpmyadmin work fine :)

By: adriensk8

adriensk8 — Fri, 12 Jun 2009 16:04:12 +0000

Excellent….!!

By: pagvac

pagvac — Thu, 11 Jun 2009 11:25:35 +0000

@ToR: thanks for testing the script on other versions bro 8-)

By: rosko

rosko — Thu, 11 Jun 2009 07:51:11 +0000

as u said “nice reminder”

By: ToR

ToR — Wed, 10 Jun 2009 18:36:04 +0000

Nice work, works well also on v. 2.11.7.1 and 2.11.7 ;)

ToR

By: pagvac

pagvac — Wed, 10 Jun 2009 08:45:49 +0000

@Jose: thanks a lot for that. it should be quite simple to modify the PoC to exploit CVE-2009-1285. sweet!

will give it a try if i have some free time and/or feel inspired :)

By: Jose Miguel Esparza

Jose Miguel Esparza — Wed, 10 Jun 2009 08:42:00 +0000

Hi there! Good PoC! I played with this vuln some weeks ago and I had had no time to write anything. It could be a good idea to add the vuln affecting the 3.1.3.1 version: http://www.phpmyadmin.net/home.....2009-4.php

It’s the same concept but change some files and functions (the setup page is /setup/config.php now, for example). The vulnerable package to play with: http://sourceforge.net/project.....ges.tar.gz

Cheers!

By: pagvac

pagvac — Wed, 10 Jun 2009 06:41:54 +0000

thanks for the feedback guys. btw, here are some vulnerable versions in case anyone wants to experiment with the script:

http://sourceforge.net/project.....a=95960040
http://sourceforge.net/project.....a=95960040
http://sourceforge.net/project.....a=95960040
http://sourceforge.net/project.....a=95960040
http://sourceforge.net/project.....a=95960040

By: 墨尔本

墨尔本 — Wed, 10 Jun 2009 06:32:54 +0000

This is some great script to deal with phpMyAdmin. Thanks for sharing.

By: Mike

Mike — Tue, 09 Jun 2009 21:57:24 +0000

Nice Exploit.

But there are plenty of awesome remote code execution vulns. Don’t Forget mysql’s into_outfile! Or Remote Code Execution with a Local File Include vulnerability! http://milw0rm.com/papers/260

using a .gif file: http://www.milw0rm.com/exploits/7947
Using apache log files: http://www.milw0rm.com/exploits/8298

Peace

By: pdp

pdp — Tue, 09 Jun 2009 20:07:34 +0000

Alexander, all the credits go to pagvac. He is the author of this post, not me. He is also a bash ninja :)

By: Alexander Sverdlov

Alexander Sverdlov — Tue, 09 Jun 2009 20:02:23 +0000

PDP, you did it again… what could I say? Your bash’es are a teaching example that perl and python are not the only way to reach the target.

Kudos!