exploits of phpmyadmin 2.5.0
Results 1 to 6 of 6

Thread: exploits of phpmyadmin 2.5.0

  1. #1
    Senior Member
    Join Date
    Jun 2003
    Posts
    236

    exploits of phpmyadmin 2.5.0

    Anyone aware of any exploits or weakness of phpmyadmin 2.5.0.

    It is a default configuration with no changes or security patches on a red hat 9.0 box.
    That which does not kill me makes me stronger -- Friedrich Nietzche

  2. #2
    Senior Member
    Join Date
    Jun 2003
    Posts
    236
    no responses???
    well if people are worried Its for illegal activity its not, Im trying to hack a wargame server
    you can look for yourself and even try..this server has been up for 2 months and no one has been able to hack it yet


    http://212.254.194.174
    That which does not kill me makes me stronger -- Friedrich Nietzche

  3. #3
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    Well AFAIK Webmin sessions could be sniffed locally unless SSL is being used, since its a default install it may be using SSL with the default Webmin certificate which is not a true SSL certificate and could be forged or stolen. If they are not using the default cert you could try attacking SSL itself, not sure if any of the recent vulns would be useful for this but you could start there.

    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  4. #4
    Senior Member
    Join Date
    Jun 2003
    Posts
    236
    Hmm well I have been trying to find a way to get the /etc/shadow using phpmyadmin to read local files but I cant get out of the pma directory but I can view all files in there using

    http://212.254.194.174/pma/db_detail...path=libraries

    or whatever docpath I want.

    I try usin '../' but it converts 2 periods into a single one, does anyone know what the encoding is for a period i know a space is %20 but i have no idea for .
    That which does not kill me makes me stronger -- Friedrich Nietzche

  5. #5
    Senior Member
    Join Date
    Jun 2003
    Posts
    772
    %2e it is
    The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post\'s content - me

    www.elhalf.com

  6. #6
    Senior Member
    Join Date
    Jun 2003
    Posts
    236
    thanks i thought that was going to work but it still strips 2 '.''s to 1
    That which does not kill me makes me stronger -- Friedrich Nietzche

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •