Exploiting phpMyAdmin

Exploiting phpMyAdmin: How to Get root in 15 Easy Steps

It all begins with a basic error. In this case, the entry point was a default installation of phpMyAdmin, a GUI-based interface for MySQL, the powerful database application that is considered the standard for open source junkies. Specifically, this gaping hole was the result of a standard XAMPP installation, which leaves phpMyAdmin wide open and available to anyone who happens to find it. Unfortunately for the server administrator, the hole was enough to give the red cell all that was needed to launch a multi-staged exploitation session that eventually led to root access on the target system:

