Villaquiranm/5MMISSI-CVE-2017-1000499

5MMISSI-CVE-2017-1000499

phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By tricking a logged-in user into clicking a crafted URL, an attacker can perform harmful database operations such as deleting records or dropping/truncating tables.

Contents

  • Makefile
  • web/index.html

Instructions

Getting everything ready

git clone https://github.com/Villaquiranm/5MMISSI-CVE-2017-1000499.git
cd 5MMISSI-CVE-2017-1000499/

Building the Docker environment

To build both containers you only need to type a single command.

make create

At this point you need to wait, because the PHP server and the database still have to be configured. This takes approximately one minute after a successful build.

Experimenting with your exploit

  1. First go to Localhost.

  2. Type root as both user and password. (If you get an error, it is because the server is still configuring itself.)

  3. Observe carefully all your database schemas.

  4. Assuming you are still in this repository, we will create a Python server to exploit this vulnerability.

cd web/
python -m SimpleHTTPServer 8888
  5. Go to Localhost:8888.
  6. Reload your database page (localhost).
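To see the cross-site request from the defender's side, the following added example (not part of this repository) scans a web server access log for GET requests that carry destructive SQL and did not originate from phpMyAdmin's own origin. It assumes combined log format, phpMyAdmin at http://localhost and the attacker page at http://localhost:8888 as in the steps above; the sample log lines are constructed, and their path and `q` parameter are placeholders rather than phpMyAdmin's real request format.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Combined log format: we only need the request line, status and Referer.
LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)
# Operations named in the vulnerability description: delete, drop, truncate.
DESTRUCTIVE_SQL = re.compile(r"\b(DROP|TRUNCATE|DELETE\s+FROM)\b", re.IGNORECASE)

def origin(url):
    """Return scheme://host[:port] of a URL, or None for an empty or '-' Referer."""
    parts = urlsplit(url)
    if parts.scheme and parts.netloc:
        return f"{parts.scheme}://{parts.netloc}".lower()
    return None

def suspicious_requests(lines, pma_origin):
    """Return (target, referer) for GETs with destructive SQL not sent from pma_origin."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["method"] != "GET":
            continue
        query = unquote_plus(urlsplit(m["target"]).query)
        # A missing Referer is flagged too: it can be suppressed by the sending page.
        if origin(m["referer"]) != pma_origin.lower() and DESTRUCTIVE_SQL.search(query):
            hits.append((m["target"], m["referer"]))
    return hits

# Constructed sample lines; "/index.php" and "q" are placeholders (assumption),
# not phpMyAdmin's real endpoint or parameter name.
SAMPLE_LOG = [
    '172.18.0.1 - - [01/Jan/2018:10:00:00 +0000] "GET /index.php?q=SELECT+1 HTTP/1.1" 200 512 "http://localhost/" "UA"',
    '172.18.0.1 - - [01/Jan/2018:10:00:05 +0000] "GET /index.php?q=DROP+TABLE+demo HTTP/1.1" 200 734 "http://localhost:8888/" "UA"',
    '172.18.0.1 - - [01/Jan/2018:10:00:09 +0000] "GET /index.php?q=TRUNCATE+demo HTTP/1.1" 200 690 "http://localhost/" "UA"',
    '172.18.0.1 - - [01/Jan/2018:10:00:12 +0000] "GET /index.php?q=delete%20from%20demo HTTP/1.1" 200 701 "http://evil.example/x" "UA"',
    '172.18.0.1 - - [01/Jan/2018:10:00:15 +0000] "GET /index.php?q=DROP+DATABASE+demo HTTP/1.1" 200 650 "-" "UA"',
]

if __name__ == "__main__":
    for target, referer in suspicious_requests(SAMPLE_LOG, "http://localhost"):
        print(f"cross-site destructive GET: {target} (Referer: {referer})")
```

The same-origin TRUNCATE line is deliberately not reported: the check keys on where the request came from, which is what distinguishes CSRF from a user's own action.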

Destroying the Docker environment

make clean
