CVE-2018-12613

Local file inclusion bug due to filter bypass using %253f character.

Software Affected

PHPMyAdmin v.4.8.0
PHPMyAdmin v.4.8.1

How to use

This PowerShell scripts need three parameters to craft a exploit HTTP request:

1. PHPMyAdmin URL endpoint
2. Cookies for an authenticated user
3. A full path file to be retrieved in remote server

Example

Prepare all the parameters to use the script:

Then, after you run it:

Remote Code Execution

This could lead to remote code execution if you query a SELECT SQL containing PHP code. Then you can include your session file in /var/lib/php/sessions/SESSION_ID_HERE file to execute arbitrary PHP code.

I haven't coded a Code execution PoC. But you can do it manually and trigger it with this code.

Code author: @_zc00l

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
.gitattributes		.gitattributes
LICENSE		LICENSE
PHPMyAdmin-LFI.ps1		PHPMyAdmin-LFI.ps1
README.md		README.md
example-2.JPG		example-2.JPG
example.JPG		example.JPG

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2018-12613

Software Affected

How to use

Example

Remote Code Execution

About

Releases

Packages

Languages

License

0x00-0x00/CVE-2018-12613

Folders and files

Latest commit

History

Repository files navigation

CVE-2018-12613

Software Affected

How to use

Example

Remote Code Execution

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages