 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 154
 Members: 0
 Total: 154
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
phpmyadmin help |
|
 Posted: Sat Jan 30, 2010 6:21 pm |
 |
|
| askinner |
| Beginner |
 |
|
| Joined: Jan 29, 2010 |
| Posts: 4 |
|
|
|
 |
|
 |
|
Not sure where to post this so here goes.
I gained access to a phpmyadmin db on a server using a weak login
However, there is no functional tables in this DB, Just test and information schema
Now that I am on the server with some extended permissions are the any exploits I can use to gain access to server, extract info, file disclosure, etc?
maybe uplaod a shell
Thanks |
|
|
|
|
| Posted: Sat Jan 30, 2010 8:25 pm |
|
|
| pexli |
| Valuable expert |
 |
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
Phpmyadmin which version?
Try username root without pass. |
|
|
|
|
| Posted: Sat Jan 30, 2010 8:54 pm |
|
|
| askinner |
| Beginner |
|
|
| Joined: Jan 29, 2010 |
| Posts: 4 |
|
|
|
|
|
|
|
I've already gained access to to phpmyadmin via the web interface with the username sa and blank password. But there are no usable tables in this particular db. Can I use any sql injections, commands or other methods to gain further access or info from server now that I am logged into the pma
ver 3.1.1
There is an option to import a txt file.
Can I upload a shell here?
Thanks |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
