Anyone aware of any exploits or weakness of phpmyadmin 2.5.0.
It is a default configuration with no changes or security patches on a red hat 9.0 box.
Printable View
Anyone aware of any exploits or weakness of phpmyadmin 2.5.0.
It is a default configuration with no changes or security patches on a red hat 9.0 box.
no responses???
well if people are worried Its for illegal activity its not, Im trying to hack a wargame server
you can look for yourself and even try..this server has been up for 2 months and no one has been able to hack it yet
http://212.254.194.174
Well AFAIK Webmin sessions could be sniffed locally unless SSL is being used, since its a default install it may be using SSL with the default Webmin certificate which is not a true SSL certificate and could be forged or stolen. If they are not using the default cert you could try attacking SSL itself, not sure if any of the recent vulns would be useful for this but you could start there.
-Maestr0
Hmm well I have been trying to find a way to get the /etc/shadow using phpmyadmin to read local files but I cant get out of the pma directory but I can view all files in there using
http://212.254.194.174/pma/db_detail...path=libraries
or whatever docpath I want.
I try usin '../' but it converts 2 periods into a single one, does anyone know what the encoding is for a period i know a space is %20 but i have no idea for .
%2e it is
thanks i thought that was going to work but it still strips 2 '.''s to 1