Yesterday I was reading about some vulnerabilities found in phpMyAdmin. I decided to create my own PoC for uploading a shell to PMA.
I'm talking about those two links. The idea is simple: you have working credentials to log in to PMA, and the version installed on the server is 'vulnerable' to SQL injection.
At this point my question was: if we have a valid login/pass to PMA, we don't need SQL injection, right? Because in PMA you have a SQL query panel, ready to use after you're logged in. OK. So below you will find a proof-of-concept to upload a shell to your 'pma server'.
Remember to change the path to a writable location on the remote host:
You will find the code here.
Cheers