11/7/11

Haxxor Security: phpMyAdmin 3.x preg_replace RCE POC

Haxxor Security: phpMyAdmin 3.x preg_replace RCE POC: "phpMyAdmin 3.x preg_replace RCE POC
I'm flooded with requests for a POC and many doubt that these vulnerabilities are exploitable. And since this vulnerability is rather technically interesting I believe many could learn from it.

The POC uses the session manipulation vulnerability in combination with the remote code execution in preg_replace as detailed in my last blogpost. It will only confirm if the instance is exploitable or not and you need to have valid credentials to the database. Use responsibly.

Download here"

No hay comentarios: