Haxxor Security: phpMyAdmin 3.x preg_replace RCE POC: "phpMyAdmin 3.x preg_replace RCE POC
I'm flooded with requests for a POC and many doubt that these vulnerabilities are exploitable. And since this vulnerability is rather technically interesting I believe many could learn from it.
The POC uses the session manipulation vulnerability in combination with the remote code execution in preg_replace as detailed in my last blogpost. It will only confirm if the instance is exploitable or not and you need to have valid credentials to the database. Use responsibly.