CVE-2009-1151: phpMyAdmin Remote Code Execution Proof of Concept

I couldn’t find any public PoC/exploit for this phpMyAdmin vulnerability, despite it being a serious bug affecting a popular open-source project. I think this vulnerability is a nice reminder that it’s still possible to perform remote command execution these days without relying on SQL injection (i.e.: xp_cmdshell) or a memory corruption bug (i.e.: heap overflow). [...]

more | comments | comments rss | posted by