.. / CVE-2009-1151

Exploit for PhpMyAdmin Scripts - Remote Code Execution (CVE-2009-1151)

Description:

PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.

Nuclei Template

View the template here CVE-2009-1151.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2009/CVE-2009-1151.yaml

References:

http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301
https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
https://nvd.nist.gov/vuln/detail/CVE-2009-1151
https://www.phpmyadmin.net/security/PMASA-2009-3/

.. / CVE-2009-1151 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for PhpMyAdmin Scripts - Remote Code Execution (CVE-2009-1151)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2009-1151