phpMyAdmin Data Exposure

Vulnerability information

Vulnerability name: phpMyAdmin Data Exposure

Vulnerability type: Unauthorized access

Severity: Medium

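Description: phpMyAdmin is a widely used open-source database administration tool, mainly used to manage MySQL databases through a web interface. It is typically deployed on web servers that need database management and serves as the back-end administration tool for many websites and applications. Because it is so widely used, security problems in phpMyAdmin can affect a large number of systems. The vulnerability found here is of the unauthorized-access type: the phpMyAdmin instance has no authentication set, so an attacker can access sensitive information directly. The technical root cause is misconfiguration: the administrator did not configure phpMyAdmin's access control correctly, so the management interface can be reached without authentication. This can lead to disclosure of sensitive data, including key information such as the usernames and passwords held in the database. Because an attacker needs no authentication to exploit it, the risk is relatively high, especially for phpMyAdmin instances reachable from the public internet. Attackers can use this vulnerability to automatically scan for and identify phpMyAdmin instances that have no authentication configured, and then obtain sensitive information.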

Vendor: phpmyadmin

Product: phpmyadmin

Search queries: http.title:phpMyAdmin, http.title:"phpmyadmin", http.component:"phpmyadmin", cpe:"cpe:2.3:a:phpmyadmin:phpmyadmin", body="pma_servername" && body="4.8.4", title="phpmyadmin"

Source: https://github.com/projectdiscovery/nuclei-templates/blob/a614afcab5491aa84aa40681e9c017fbf0b52461/http%2Fmisconfiguration%2Fphpmyadmin%2Fphpmyadmin-misconfiguration.yaml

Type: projectdiscovery/nuclei-templates:github issues

PoC details


id: phpmyadmin-misconfiguration

info:
  name: phpmyadmin Data Exposure
  author: pussycat0x
  severity: medium
  description: |
    An unauthenticated instance of phpmyadmin was discovered, which could be leveraged to access sensitive information.
  reference:
    - https://www.exploit-db.com/ghdb/6997
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-200
  metadata:
    max-request: 2
    vendor: phpmyadmin
    product: phpmyadmin
    shodan-query:
      - "http.title:phpMyAdmin"
      - http.title:"phpmyadmin"
      - http.component:"phpmyadmin"
      - cpe:"cpe:2.3:a:phpmyadmin:phpmyadmin"
    fofa-query:
      - body="pma_servername" && body="4.8.4"
      - title="phpmyadmin"
  tags: phpmyadmin,misconfig,edb

flow: http(1) || http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/phpmyadmin/index.php?db=information_schema"

    matchers-condition: and
    matchers:
      - type: status
        internal: true
        status:
          - 200

      - type: word
        internal: true
        part: body
        words:
          - "var db = 'information_schema';"
          - "var opendb_url = 'db_structure.php';"
        condition: and

      - type: word
        internal: true
        part: body
        words:
          - 'name="login_form"'
          - 'id="input_username"'
        negative: true
        condition: or

  - method: GET
    path:
      - "{{BaseURL}}/phpMyAdmin/index.php?db=information_schema"

    matchers-condition: and
    matchers:
      - type: status
        internal: true
        status:
          - 200

      - type: word
        part: body
        internal: true
        words:
          - "db:\"information_schema\""
          - "opendb_url:\"db_structure.php\""
        condition: and

      - type: word
        internal: true
        part: body
        words:
          - 'name="login_form"'
          - 'id="input_username"'
        negative: true
        condition: or
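
The missing authentication described above is decided in phpMyAdmin's config.inc.php. As an added example (not part of the original entry or of the nuclei template), the Python code below audits such a file for the server settings that remove the login step. It assumes the `$cfg['Servers'][$i][...]` / `$i++` layout used by phpMyAdmin's sample config; the function names and the sample file contents are constructed for illustration.

```python
import re

# One uncommented assignment: $cfg['Servers'][$i]['key'] = 'v' | "v" | bareword;
ASSIGN = re.compile(
    r"""^[ \t]*\$cfg\['Servers'\]\[\$i\]\['(\w+)'\][ \t]*=[ \t]*"""
    r"""(?:'([^']*)'|"([^"]*)"|(\w+))[ \t]*;""",
    re.M,
)
NEXT_SERVER = re.compile(r"^[ \t]*\$i\+\+[ \t]*;", re.M)


def parse_servers(php_source):
    """Return one settings dict per server block (blocks are separated by $i++)."""
    servers = []
    for block in NEXT_SERVER.split(php_source):
        settings = {}
        for m in ASSIGN.finditer(block):
            # Exactly one of the three value groups matched; '' is a valid value.
            settings[m.group(1)] = next(g for g in m.groups()[1:] if g is not None)
        if settings:
            servers.append(settings)
    return servers


def audit(php_source):
    """Return (server_number, finding) pairs for settings that remove the login step."""
    findings = []
    for n, cfg in enumerate(parse_servers(php_source), start=1):
        if cfg.get("auth_type", "").lower() == "config":
            findings.append((n, "auth_type is 'config': stored credentials, no login form"))
            if cfg.get("password", "") == "":
                findings.append((n, "stored account has an empty password"))
        if cfg.get("AllowNoPassword", "false").lower() in ("true", "1"):
            findings.append((n, "AllowNoPassword is enabled"))
    return findings


# Constructed sample of a config.inc.php that leaves the instance open.
WEAK_CONFIG = """<?php
$i = 0;
$i++;
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['AllowNoPassword'] = true;
"""

if __name__ == "__main__":
    for n, finding in audit(WEAK_CONFIG):
        print(f"server {n}: {finding}")
```

Setting `auth_type` to `cookie` or `http` and leaving `AllowNoPassword` at `false` clears all three findings for the sample.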