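Vulnerability Information
Vulnerability name: phpmyadmin Data Exposure
Vulnerability type: Unauthorized access
Severity: Medium
Description: phpMyAdmin is a widely used open-source database administration tool, mainly used to manage MySQL databases through a web interface. It is usually deployed on web servers that need database administration and is an important component of many websites and online services. The vulnerability found here concerns the configuration of phpMyAdmin and takes the form of unauthorized access: an attacker can reach sensitive phpMyAdmin information, such as database structure and content, without any authentication. The technical root cause is a misconfigured phpMyAdmin that fails to enforce access control correctly, so an unauthenticated user can bypass the login screen and reach the database administration interface directly. This can lead to serious information disclosure: an attacker can use it to obtain sensitive information stored in the database, such as user credentials and personal data, and may then carry out further attacks. Because the vulnerability allows unauthorized access, it can be exploited without any preconditions, which increases its potential danger.
Vendor: phpmyadmin
Product: phpmyadmin
Search syntax: http.title:phpMyAdmin, http.title:"phpmyadmin", http.component:"phpmyadmin", cpe:"cpe:2.3:a:phpmyadmin:phpmyadmin", body="pma_servername" && body="4.8.4", title="phpmyadmin"
Source: https://github.com/projectdiscovery/nuclei-templates/blob/af3d143037a9f81ad97bd184b328697d8f1e9570/http%2Fmisconfiguration%2Fphpmyadmin%2Fphpmyadmin-misconfiguration.yaml
Type: projectdiscovery/nuclei-templates:github issues
PoC Details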
```yaml
id: phpmyadmin-misconfiguration

info:
  name: phpmyadmin Data Exposure
  author: pussycat0x
  severity: medium
  description: |
    An unauthenticated instance of phpmyadmin was discovered, which could be leveraged to access sensitive information.
  reference:
    - https://www.exploit-db.com/ghdb/6997
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-200
  metadata:
    max-request: 2
    vendor: phpmyadmin
    product: phpmyadmin
    shodan-query:
      - "http.title:phpMyAdmin"
      - http.title:"phpmyadmin"
      - http.component:"phpmyadmin"
      - cpe:"cpe:2.3:a:phpmyadmin:phpmyadmin"
    fofa-query:
      - body="pma_servername" && body="4.8.4"
      - title="phpmyadmin"
  tags: phpmyadmin,misconfig,edb

flow: http(1) || http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/phpmyadmin/index.php?db=information_schema"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - regex("var\\s+db\\s*=\\s*\'information_schema\'",body)
          - regex("var\\s+opendb_url\\s*=\\s*\'db_structure\\.php\'",body)
        condition: and

      - type: dsl
        dsl:
          - 'contains(body, "name=\\\"login_form\\\"")'
          - 'contains(body, "id=\\\"input_username\\\"")'
        condition: and
        negative: true

  - method: GET
    path:
      - "{{BaseURL}}/phpMyAdmin/index.php?db=information_schema"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - regex("var\\s+db\\s*=\\s*\'information_schema\'",body)
          - regex("var\\s+opendb_url\\s*=\\s*\'db_structure\\.php\'",body)
        condition: and

      - type: dsl
        dsl:
          - 'contains(body, "name=\\\"login_form\\\"")'
          - 'contains(body, "id=\\\"input_username\\\"")'
        condition: and
        negative: true
```
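The matcher logic of the template above, restated as an offline check that an administrator can run over saved responses from their own phpMyAdmin deployment. This is an added example, not part of the original template or of the nuclei project; the names `classify`, `audit` and `SAMPLES` and the sample bodies are constructed for illustration.

```python
import re

# Patterns copied from the template's positive DSL matcher.
DB_VAR = re.compile(r"var\s+db\s*=\s*'information_schema'")
OPENDB_VAR = re.compile(r"var\s+opendb_url\s*=\s*'db_structure\.php'")
# Login-form markers checked by the template's negative matcher.
LOGIN_MARKERS = ('name="login_form"', 'id="input_username"')


def classify(status_code, body):
    """Return 'exposed', 'login-required' or 'no-match' for one response."""
    # The negative matcher uses condition "and": both markers must be
    # present for the response to count as a login page.
    has_login = all(marker in body for marker in LOGIN_MARKERS)
    if has_login:
        return "login-required"
    if status_code == 200 and DB_VAR.search(body) and OPENDB_VAR.search(body):
        return "exposed"
    return "no-match"


# Constructed sample responses (not captured from any real server).
SAMPLES = {
    "open-instance": (200, "<script>var db = 'information_schema';\n"
                           "var opendb_url = 'db_structure.php';</script>"),
    "login-page": (200, '<form name="login_form">'
                        '<input id="input_username"></form>'),
    "not-found": (404, "<h1>Not Found</h1>"),
    "other-app": (200, "<title>Welcome</title>"),
}


def audit(samples):
    """Classify every (status, body) pair, keyed by sample name."""
    return {name: classify(status, body)
            for name, (status, body) in samples.items()}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{name}: {verdict}")
```

A verdict of `exposed` means the database view was served without the login form, which is the condition the template reports; a correctly configured instance yields `login-required`.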