Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.WORDPRESS_PORTABLE_PHPMYADMIN_AUTH_BYPASS.NASL
HistoryJan 25, 2013 - 12:00 a.m.

Portable phpMyAdmin Plugin for WordPress 'wp-pma-mod' Authentication Bypass

2013-01-2500:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
410
JSON

The Portable phpMyAdmin Plugin for WordPress installed on the remote host is affected by an authentication bypass vulnerability because the /wp-pma-mod/ path fails to properly authorize users. his may allow an attacker to bypass access restrictions and gain access to the administrative console to perform unauthorized actions.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(64245);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2012-5469");
  script_bugtraq_id(56920);
  script_xref(name:"EDB-ID", value:"23356");

  script_name(english:"Portable phpMyAdmin Plugin for WordPress 'wp-pma-mod' Authentication Bypass");
  script_summary(english:"Attempts to access Portable phpMyAdmin.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP script that is affected by an
authentication bypass vulnerability.");
  script_set_attribute(attribute:"description", value:
"The Portable phpMyAdmin Plugin for WordPress installed on the remote
host is affected by an authentication bypass vulnerability because the
/wp-pma-mod/ path fails to properly authorize users. his may allow an
attacker to bypass access restrictions and gain access to the
administrative console to perform unauthorized actions.");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2012/Dec/91");
  script_set_attribute(attribute:"see_also", value:"https://wordpress.org/plugins/portable-phpmyadmin/#changelog");
  script_set_attribute(attribute:"solution", value:
"Upgrade to version 1.3.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_nessus", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/12/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/11/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:wordpress:wordpress");
  script_end_attributes();

  script_category(ACT_ATTACK);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("wordpress_detect.nasl");
  script_require_keys("installed_sw/WordPress", "www/PHP");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");

app = "WordPress";
get_install_count(app_name:app, exit_if_zero:TRUE);

port = get_http_port(default:80, php:TRUE);

install = get_single_install(
  app_name : app,
  port     : port
);

dir = install['path'];
install_url = build_url(port:port, qs:dir);

plugin = 'Portable phpMyAdmin';

# Check KB first
installed = get_kb_item("www/"+port+"/webapp_ext/"+plugin+" under "+dir);

if (!installed)
{
  checks = make_array();
  path = "/wp-content/plugins/";
  checks[path + "portable-phpmyadmin/wp-pma-mod/js/navigation.js"][0] =
    make_list('function PMA_save');

  # Ensure plugin is installed
  installed = check_webapp_ext(
    checks : checks,
    dir    : dir,
    port   : port,
    ext    : plugin
  );
}
if (!installed)
audit(AUDIT_WEB_APP_EXT_NOT_INST, app, install_url, plugin + " plugin");

# Attempt to access phpMyAdmin
exploit = "/wp-content/plugins/portable-phpmyadmin/wp-pma-mod/";
res = http_send_recv3(
    method    : "GET",
    item      : dir + exploit,
    port         : port,
    exit_on_fail : TRUE
);

if (
  "<title>phpMyAdmin" >< res[2] &&
  "<p>phpMyAdmin is more friendly" >< res[2]
)
{
  out = strstr(res[2], "<title");
  count = 0;
  # Format our output for reporting. Limit to 20 lines
  foreach line (split(out))
  {
    output += line;
    count++;
    if (count >= 20) break;
  }

  if (report_verbosity > 0)
  {
    snip = crap(data:"-", length:30)+' snip '+ crap(data:"-", length:30);
    report =
      '\nNessus was able to verify the issue using the following request :' +
      '\n' +
      '\n' + install_url + exploit +
      '\n';
      if (report_verbosity > 1)
      {
        report +=
          '\nThis produced the following truncated output : ' +
          '\n' + snip +
          '\n' + output + snip +
          '\n';
      }
      security_hole(port:port, extra:report);
    }
    else security_hole(port);
    exit(0);
}
audit(AUDIT_WEB_APP_EXT_NOT_AFFECTED, app, install_url, plugin + " Plugin");
VendorProductVersionCPE
wordpresswordpresscpe:/a:wordpress:wordpress

Related

checkpoint_advisories 1
prion 1
exploitpack 1
patchstack 1
myhack58 1
openvas 1
securityvulns 2
seebug 1
packetstorm 1
wpvulndb 1
cve 1
exploitdb 1
checkpoint_advisories
checkpoint_advisories
WordPress portable-phpMyAdmin Plugin Authentication Bypass (CVE-2012-5469)
2019-04-08 00:00:00
prion
prion
Authentication flaw
2012-12-20 12:02:00
exploitpack
exploitpack
WordPress Plugin Portable phpMyAdmin - Authentication Bypass
2012-12-13 00:00:00
patchstack
patchstack
WordPress Portable phpMyAdmin Plugin - Authentication Bypass
2012-12-13 00:00:00
myhack58
myhack58
portable-phpMyAdmin๏ผˆWordPress plugin authentication bypass-vulnerability warning-the black bar safety net
2012-12-21 00:00:00
openvas
openvas
WordPress Portable phpMyAdmin Plugin 'wp-pma-mod' Security Bypass Vulnerability
2012-12-17 00:00:00
securityvulns
securityvulns
&#39;portable-phpMyAdmin &#40;WordPress Plugin&#41;&#39; Authentication Bypass &#40;CVE-2012-5469&#41;
2012-12-18 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2012-12-18 00:00:00
seebug
seebug
Portable phpMyAdmin Wordpress Plugin Authentication Bypass
2014-07-01 00:00:00
packetstorm
packetstorm
WordPress portable-phpMyAdmin 1.3.0 Authentication Bypass
2012-12-12 00:00:00
wpvulndb
wpvulndb
portable-phpMyAdmin < 1.3.1 - Authentication Bypass
2014-08-01 00:00:00
cve
cve
CVE-2012-5469
2012-12-20 12:02:00
exploitdb
exploitdb
WordPress Plugin Portable phpMyAdmin - Authentication Bypass
2012-12-13 00:00:00
JSON
Related for WORDPRESS_PORTABLE_PHPMYADMIN_AUTH_BYPASS.NASL
checkpoint_advisories1prion1exploitpack1patchstack1myhack581openvas1securityvulns2seebug1packetstorm1wpvulndb1cve1exploitdb1