|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 166
Members: 0
Total: 166
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
phpmyadmin exploit |
|
Posted: Wed Jul 13, 2005 12:05 pm |
|
|
migo79 |
Regular user |
|
|
Joined: May 18, 2004 |
Posts: 17 |
|
|
|
|
|
|
|
Hello Guys
today when i was searching for old explits to test i stopped at this old bug in phpMyAdmin which the referenced Remote File Inclusion in PhpMyAdmin
i successfully able to use th XSS bug, but what about the most interesting thing which is file inclusion and printing sensitive values like the DB password ?
im trying to play with the vuln below :
anyone successfuly tested this exploit before or have any other clue ?
also im trying to test that with PHP Register_Global=ON and allow_URL_FOPEN=ON
thnx guys
migo |
|
|
|
|
Posted: Thu Sep 29, 2005 3:02 pm |
|
|
HHT |
Beginner |
|
|
Joined: Apr 09, 2005 |
Posts: 2 |
|
|
|
|
|
|
|
|
|
|
|
Posted: Thu Aug 24, 2006 3:01 am |
|
|
jezuz |
Beginner |
|
|
Joined: Aug 24, 2006 |
Posts: 2 |
Location: denmark |
|
|
|
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> Php
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|