niedziela, 15 stycznia 2017

Upload shell to phpMyAdmin

Yesterday I was reading about some vulnerabilities found in phpMyAdmin. I decided to create my own poc for uploading shell to PMA.

I'm talking about those two links. Idea is simple, you have a working credentials to log in to PMA and version installed on server is 'vulnerable' to SQL injection.

At this point my question was: if we have a valid login/pass to PMA, we don't need SQL injection, right? Because in PMA you have a SQL-query panel, ready to use after you're logged-in. Ok. So below you will find a proof-of-concept to upload shell to your 'pma server'.

Remember to change the path to writable location on remote host:

Code you will find here.

Cheers



Brak komentarzy:

Prześlij komentarz