exploits of phpmyadmin 2.5.0

**S3cur|ty4ng31** · October 28th, 2003, 01:36 AM

Anyone aware of any exploits or weakness of phpmyadmin 2.5.0.

It is a default configuration with no changes or security patches on a red hat 9.0 box.

**S3cur|ty4ng31** · October 28th, 2003, 05:22 PM

no responses???
well if people are worried Its for illegal activity its not, Im trying to hack a wargame server
you can look for yourself and even try..this server has been up for 2 months and no one has been able to hack it yet

http://212.254.194.174

***Maestr0*** · October 28th, 2003, 05:26 PM

Well AFAIK Webmin sessions could be sniffed locally unless SSL is being used, since its a default install it may be using SSL with the default Webmin certificate which is not a true SSL certificate and could be forged or stolen. If they are not using the default cert you could try attacking SSL itself, not sure if any of the recent vulns would be useful for this but you could start there.

-Maestr0

**S3cur|ty4ng31** · October 28th, 2003, 06:48 PM

Hmm well I have been trying to find a way to get the /etc/shadow using phpmyadmin to read local files but I cant get out of the pma directory but I can view all files in there using

http://212.254.194.174/pma/db_detail...path=libraries

or whatever docpath I want.

I try usin '../' but it converts 2 periods into a single one, does anyone know what the encoding is for a period i know a space is %20 but i have no idea for .

***el-half*** · October 28th, 2003, 06:59 PM

%2e it is

**S3cur|ty4ng31** · October 28th, 2003, 07:11 PM

thanks i thought that was going to work but it still strips 2 '.''s to 1

Thread: exploits of phpmyadmin 2.5.0

Thread Tools

Display

exploits of phpmyadmin 2.5.0

Posting Permissions