This is going to be a “phpMyAdmin code execution vulnerability” blog. No, seriously, I’ve been really busy working on new projects, the whole blabla story.
But I’ve recently found two LFIs, one RCE and some XSS in phpMyAdmin’s latest versions: 3.4.0 – 184.108.40.206.
Because they did not include the link to my advisories, I’ll make them available here. Enjoy:
- http://fd.the-wildcat.de/pma_e36a5a6e5c.php – phpMyAdmin RCE and LFI and XSS
- http://fd.the-wildcat.de/pma_e36a587a73.php – phpMyAdmin LFI
- http://fd.the-wildcat.de/pma_e36a2af427.php – phpMyAdmin XSS

And, as always, thanks to Marc Delisle for the prompt reaction.
Need help securing your (web) applications? Write an e-mail to wildcat at the-wildcat dot de