phpmyadmin-setup: PhpMyAdmin Setup File - Detect

Date: 2025-08-01 | Affected software: phpmyadmin | PoC: public

Vulnerability description

Multiple phpMyAdmin setup files were detected.

PoC code [public]

id: phpmyadmin-setup

info:
  name: PhpMyAdmin Setup File - Detect
  author: sheikhrishad,thevillagehacker,Kr1shna4garwal,ArjunChandarana,0xpugal
  severity: medium
  description: Multiple phpMyAdmin setup files were detected.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-200
    cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 16
    shodan-query: http.html:"phpMyAdmin"
    product: phpmyadmin
    vendor: phpmyadmin
  tags: phpmyadmin,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}{{paths}}"
    payloads:
      paths:
        - "/phpmyadmin/scripts/setup.php"
        - "/phpMyAdmin/scripts/setup.php"
        - "/_phpmyadmin/scripts/setup.php"
        - "/forum/phpmyadmin/scripts/setup.php"
        - "/php/phpmyadmin/scripts/setup.php"
        - "/typo3/phpmyadmin/scripts/setup.php"
        - "/web/phpmyadmin/scripts/setup.php"
        - "/xampp/phpmyadmin/scripts/setup.php"
        - "/sysadmin/phpMyAdmin/scripts/setup.php"
        - "/phpmyadmin/setup/index.php"
        - "/phpMyAdmin/setup/index.php"
        - "/pma/setup/index.php"
        - "/admin/pma/setup/index.php"
        - "/phpmyadmin/setup/"
        - "/setup/index.php"
        - "/admin/"
        - "/phpMyAdminOLD/setup/index.php"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "You want to configure phpMyAdmin using web interface"
          - "<title>phpMyAdmin setup</title>"
        condition: or

      - type: status
        status:
          - 200
# digest: 490a0046304402202eb8c90ba1362448e6cf255cb28f7ed363fc63ea2738f57f765accbebf672327022065da87876ecb8cdd8b9831f910faae565c9bb14a7d23024381da0637268060de:922c64590222798bb761d5b6d8e72950
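The template above probes a fixed list of setup-script locations and only reports a hit when the response is a 200 whose body looks like the phpMyAdmin setup page. The same path list can be reused on the defender side to sweep web-server access logs for requests that reached one of those scripts. The following is an added example, not part of the Nuclei template or of phpMyAdmin itself: the path list is copied from the template's payloads, the combined-log regex and sample log lines are constructed here, and `/admin/` is deliberately left out because the template only accepts it on the strength of the response body, which an access log does not carry.

```python
"""Flag access-log requests that reached a phpMyAdmin setup file.

Added defender-side example (not the template's own code). The path list is
copied from the Nuclei template's payloads; the log lines below are constructed.
"""
import re
from typing import Dict, List, Optional

# Paths the template probes. "/admin/" is omitted on purpose: without the
# response body it cannot be told apart from any other admin panel.
SETUP_PATHS = frozenset(p.lower() for p in [
    "/phpmyadmin/scripts/setup.php",
    "/phpMyAdmin/scripts/setup.php",
    "/_phpmyadmin/scripts/setup.php",
    "/forum/phpmyadmin/scripts/setup.php",
    "/php/phpmyadmin/scripts/setup.php",
    "/typo3/phpmyadmin/scripts/setup.php",
    "/web/phpmyadmin/scripts/setup.php",
    "/xampp/phpmyadmin/scripts/setup.php",
    "/sysadmin/phpMyAdmin/scripts/setup.php",
    "/phpmyadmin/setup/index.php",
    "/phpMyAdmin/setup/index.php",
    "/pma/setup/index.php",
    "/admin/pma/setup/index.php",
    "/phpmyadmin/setup/",
    "/setup/index.php",
    "/phpMyAdminOLD/setup/index.php",
])

# Apache/nginx combined log format:
#   ip ident user [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def normalise_path(target: str) -> str:
    """Strip query string and fragment; compare case-insensitively, since
    installs on case-insensitive filesystems (e.g. XAMPP on Windows) serve
    /phpMyAdmin and /phpmyadmin identically."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    return path.lower()


def is_setup_probe(target: str) -> bool:
    """True if the request target is one of the template's setup paths."""
    return normalise_path(target) in SETUP_PATHS


def find_setup_probes(lines) -> List[Dict[str, object]]:
    """Return every request for a setup path. A 200 means the setup script
    actually answered, which is an exposure to fix; anything else is a probe
    worth correlating by source address."""
    hits: List[Dict[str, object]] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_setup_probe(rec["target"]):
            continue
        hits.append({
            "ip": rec["ip"],
            "time": rec["time"],
            "path": normalise_path(rec["target"]),
            "status": int(rec["status"]),
            "exposed": rec["status"] == "200",
        })
    return hits


# Constructed sample log: one successful setup fetch, one failed probe,
# one unrelated request, and one "/admin/" request that must not match.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Aug/2025:10:00:01 +0000] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Aug/2025:10:00:02 +0000] "GET /pma/setup/index.php?x=1 HTTP/1.1" 404 212 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Aug/2025:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 812 "-" "curl/8.0"
203.0.113.5 - - [01/Aug/2025:10:00:04 +0000] "GET /admin/ HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for hit in find_setup_probes(SAMPLE_LOG.splitlines()):
        label = "EXPOSED" if hit["exposed"] else "probe"
        print(f'{label:8} {hit["ip"]:15} {hit["status"]} {hit["path"]}')
```

Run against a real log with `find_setup_probes(open("access.log"))`. Any `exposed` hit means the `setup/` directory is still reachable on that host; phpMyAdmin's own documentation tells administrators to remove it after configuration, and the matcher in the template above is the quickest way to confirm the fix took effect.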
