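phpMyAdmin setup.php Script PHP Code Injection Vulnerability
BUGTRAQ ID: 34236 CVE(CAN) ID: CVE-2009-1151 phpMyAdmin is a tool written in PHP for administering MySQL over the web. phpMyAdmin's Setup script is used to generate the configuration. If a remote attacker submits a specially crafted POST request to this script, arbitrary PHP code may be included in the generated config.inc.php configuration file. Because the configuration file is saved on the server, an unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP code. phpMyAdmin phpMyAdmin 3.x phpMyAdmin phpMyAdmin 2.11.x Vendor patch: phpMyAdmin ----------...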
phpMyAdmin (/scripts/setup.php) PHP Code Injection Exploit
No description provided by source. !/bin/bash CVE-2009-1151: phpMyAdmin '/scripts/setup.php' PHP Code Injection RCE PoC v0.11 by pagvac gnucitizen.org, 4th June 2009. special thanks to Greg Ose labs.neohapsis.com for discovering such a cool vuln, and to str0ke milw0rm.com for testing this PoC...
phpMyAdmin /scripts/setup.php Code Injection
!/bin/bash CVE-2009-1151: phpMyAdmin '/scripts/setup.php' PHP Code Injection RCE PoC v0.11 by pagvac gnucitizen.org, 4th June 2009. special thanks to Greg Ose labs.neohapsis.com for discovering such a cool vuln, and to str0ke milw0rm.com for testing this PoC script and providing feedback! PoC...
phpMyAdmin (/scripts/setup.php) PHP Code Injection Exploit-vulnerability warning-the black bar safety net
!/bin/bash CVE-2009-1151: phpMyAdmin '/scripts/setup.php' PHP Code Injection RCE PoC v0.11 by pagvac gnucitizen.org, 4th June 2009. special thanks to Greg Ose labs.neohapsis.com for discovering such a cool vuln, and to str0ke milw0rm.com for testing this PoC script and providing...
phpMyAdmin (/scripts/setup.php) PHP Code Injection Exploit
Exploit for unknown platform in category web applications ========================================================== phpMyAdmin /scripts/setup.php PHP Code Injection Exploit ==========================================================...
phpMyAdmin - '/scripts/setup.php' PHP Code Injection
!/bin/bash CVE-2009-1151: phpMyAdmin '/scripts/setup.php' PHP Code Injection RCE PoC v0.11 by pagvac gnucitizen.org, 4th June 2009. special thanks to Greg Ose labs.neohapsis.com for discovering such a cool vuln, and to str0ke milw0rm.com for testing this PoC script and providing feedback! PoC...
phpMyAdmin - /scripts/setup.php PHP Code Injection
phpMyAdmin - /scripts/setup.php PHP Code Injection !/bin/bash CVE-2009-1151: phpMyAdmin '/scripts/setup.php' PHP Code Injection RCE PoC v0.11 by pagvac gnucitizen.org, 4th June 2009. special thanks to Greg Ose labs.neohapsis.com for discovering such a cool vuln, and to str0ke milw0rm.com for testin...
phpMyAdmin 3.3.0 - db Cross-Site Scripting
phpMyAdmin 3.3.0 - db Cross-Site Scripting source: https://www.securityfocus.com/bid/35531/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...
phpMyAdmin 3.3.0 - 'db' Cross-Site Scripting
source: https://www.securityfocus.com/bid/35531/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context...
Mandrake Security Advisory MDVSA-2009:115 (phpMyAdmin)
The remote host is missing an update to phpMyAdmin announced via advisory MDVSA-2009:115. OpenVAS Vulnerability Test $Id: mdksa2009115.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:115 phpMyAdmin Authors: Thomas Reinke Copyright: Copyright c 2009...
Mandrake Security Advisory MDVSA-2009:115 (phpMyAdmin)
The remote host is missing an update to phpMyAdmin announced via advisory MDVSA-2009:115. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...
CVE-2009-1285: phpMyAdmin Code Injection
Well, I usually don’t blog about these bugs but phpMyAdmin is a project that is used almost everywhere and this is a quick and dirty way to get code execution. This issue affects phpMyAdmin 3.x before 3.1.3.2 and it was disclosed on 14 April 2009. The bug is present at...
Fedora 10 : phpMyAdmin-3.1.3.2-1.fc10 (2009-3700)
Improvements for 3.1.3.2: - security Insufficient output sanitizing when generating configuration file http://www.phpmyadmin.net/homepage/security/PMASA-2009-4.php Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable...
Fedora 10 : phpMyAdmin-3.1.3.1-1.fc10 (2009-3006)
Improvements for 3.1.3.1: - security HTTP Response Splitting and file inclusion vulnerabilities - security XSS vulnerability on export page - security Insufficient output sanitizing when generating configuration file Note that Tenable Network Security has extracted the preceding description block...
FreeBSD : Remote code injection in phpMyAdmin (0d4c31ac-cb91-11d8-8898-000d6111a684)
This vulnerability would allow remote user to inject PHP code to be executed by eval function. This vulnerability is only exploitable if variable $cfg['LeftFrameLight'] is set to FALSE in file config.inc.php. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package chec...
FreeBSD : phpmyadmin -- remote command execution vulnerability (fc07c9ca-22ce-11d9-814e-0001020eed82)
From the phpMyAdmin 2.6.0p2 release notes : If PHP is not running in safe mode, a problem in the MIME-based transformation system with an 'external' transformation allows to execute any command with the privileges of the web server's user. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
FreeBSD : file disclosure in phpMyAdmin (cc0fb686-6550-11d8-80e3-0020ed76ef5a)
Lack of proper input validation in phpMyAdmin may allow an attacker to obtain the contents of any file on the target system that is readable by the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeB...
FreeBSD Ports: phpMyAdmin
The remote host is missing an update to the system as announced in the referenced advisory. VID 1a0e4cc6-29bf-11de-bdeb-0030843d3802 OpenVAS Vulnerability Test $ Description: Auto generated from VID 1a0e4cc6-29bf-11de-bdeb-0030843d3802 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
FreeBSD Ports: phpMyAdmin
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora Core 10 FEDORA-2009-3700 (phpMyAdmin)
The remote host is missing an update to phpMyAdmin announced via advisory FEDORA-2009-3700. OpenVAS Vulnerability Test $Id: fcore20093700.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-3700 phpMyAdmin Authors: Thomas Reinke Copyright: Copyright c...