phpmyadmin-setup: Publicly Accessible Phpmyadmin Setup

日期: 2025-09-01 | 影响软件: 未知 | POC: 已公开

漏洞描述

The phpMyAdmin setup page is publicly accessible: the setup script answers a plain GET request with HTTP 200 and the setup page title.

PoC代码[已公开]

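# Template metadata. `id` is the identifier this check is reported under;
# `info` holds the human-readable fields shown with a finding.
id: phpmyadmin-setup

info:
  name: Publicly Accessible Phpmyadmin Setup
  author: sheikhrishad,thevillagehacker
  severity: medium
  # The description previously only repeated the name. It now states what the
  # check observed and what the owner of the host should do about it.
  description: |-
    The phpMyAdmin setup page responded to a GET request sent without
    credentials, returning HTTP 200 and the setup page title.
    The setup interface is intended for initial configuration only and
    should not be reachable from untrusted networks. Remove or disable the
    setup directory once configuration is complete, or restrict access to
    it at the web server (IP allow-list or authentication).
  tags: phpmyadmin,setup
  created: 2023/10/13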

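# Each rule sends one GET request to a location where a phpMyAdmin setup
# script may be installed and matches when the response is HTTP 200 and the
# body contains the setup page <title> (ibcontains: case-insensitive match
# on the raw body bytes).
#
# This is a presence check only: a match shows that the setup page is served
# to this request, not that any configuration can be written through it.
#
# NOTE(review): the matcher requires the exact string
# "<title>phpmyadmin setup</title>". A setup page whose title carries extra
# text (for example a version number) would not match - confirm against the
# releases you need to cover.
#
# r8 was removed: it requested /phpmyadmin/setup/index.php, the same path as
# r00, so it only repeated a request that had already failed to match.
rules:
  # Setup interface under /phpmyadmin/setup/.
  r00:
    request:
      method: GET
      path: /phpmyadmin/setup/index.php
    expression: |
      response.status == 200  && response.body.ibcontains(b'<title>phpmyadmin setup</title>')
  # r0-r7: scripts/setup.php under the install prefixes listed below.
  r0:
    request:
      method: GET
      path: /phpmyadmin/scripts/setup.php
    expression: |
      response.status == 200  && response.body.ibcontains(b'<title>phpmyadmin setup</title>')
  r1:
    request:
      method: GET
      path: /_phpmyadmin/scripts/setup.php
    expression: |
      response.status == 200  && response.body.ibcontains(b'<title>phpmyadmin setup</title>')
  r2:
    request:
      method: GET
      path: /forum/phpmyadmin/scripts/setup.php
    expression: |
      response.status == 200  && response.body.ibcontains(b'<title>phpmyadmin setup</title>')
  r3:
    request:
      method: GET
      path: /php/phpmyadmin/scripts/setup.php
    expression: |
      response.status == 200  && response.body.ibcontains(b'<title>phpmyadmin setup</title>')
  r4:
    request:
      method: GET
      path: /typo3/phpmyadmin/scripts/setup.php
    expression: |
      response.status == 200  && response.body.ibcontains(b'<title>phpmyadmin setup</title>')
  r5:
    request:
      method: GET
      path: /web/phpmyadmin/scripts/setup.php
    expression: |
      response.status == 200  && response.body.ibcontains(b'<title>phpmyadmin setup</title>')
  r6:
    request:
      method: GET
      path: /xampp/phpmyadmin/scripts/setup.php
    expression: |
      response.status == 200  && response.body.ibcontains(b'<title>phpmyadmin setup</title>')
  r7:
    request:
      method: GET
      path: /sysadmin/phpMyAdmin/scripts/setup.php
    expression: |
      response.status == 200  && response.body.ibcontains(b'<title>phpmyadmin setup</title>')
  # Setup interface under the /pma/ alias.
  r9:
    request:
      method: GET
      path: /pma/setup/index.php
    expression: |
      response.status == 200  && response.body.ibcontains(b'<title>phpmyadmin setup</title>')
# The finding is reported as soon as any one rule matches.
expression: r00() || r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r9()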