This page contains detailed information about how to use the auxiliary/scanner/http/phpmyadmin_login Metasploit module. For a list of all Metasploit modules, visit the Metasploit Module Library.
Name: PhpMyAdmin Login Scanner
Module: auxiliary/scanner/http/phpmyadmin_login
Source code: modules/auxiliary/scanner/http/phpmyadmin_login.rb
Disclosure date: -
Last modification time: 2021-08-31 17:10:07 +0000
Supported architecture(s): -
Supported platform(s): -
Target service / protocol: http, https
Target network port(s): 80, 443, 3000, 8000, 8008, 8080, 8443, 8880, 8888
List of CVEs: -
This page contains detailed information about the phpMyAdmin 4.8.x < 4.8.2 Vulnerability (PMASA-2018-4) Nessus plugin, including available exploits and PoCs found on GitHub, in Metasploit or Exploit-DB for verifying this vulnerability.
ID: 110722
Name: phpMyAdmin 4.8.x < 4.8.2 Vulnerability (PMASA-2018-4)
Filename: phpmyadmin_pmasa_2018_4.nasl
Vulnerability Published: 2018-06-21
This Plugin Published: 2018-06-27
Last Modification Time: 2022-04-11
Plugin Version: 1.9
Plugin Type: remote
Plugin Family: CGI abuses
Dependencies: phpMyAdmin_detect.nasl
Required KB Items [?]: installed_sw/phpMyAdmin, Settings/ParanoidReport, www/PHP
Severity: High
Vulnerability Published: 2018-06-21
Patch Published: 2018-06-21
CVE [?]: CVE-2018-12613
CPE [?]: cpe:/a:phpmyadmin:phpmyadmin
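According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.8.x prior to 4.8.2. It is, therefore, affected by file inclusion and remote code execution vulnerabilities. Nessus derives this finding from the version string alone and does not attempt exploitation. Because the plugin requires the Settings/ParanoidReport KB item, it reports only when paranoid reporting is enabled, and a hit should be confirmed against the version actually installed on the host.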
# This is the phpmyadmin_pmasa_2018_4.nasl nessus plugin source code. This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# Reviewer summary: version-only check for phpMyAdmin 4.8.x before 4.8.2
# (CVE-2018-12613, PMASA-2018-4). It compares the version recorded for the
# detected install with the fixed version and, per its own description text,
# does not attempt exploitation, so a hit means "version string says
# vulnerable", not "confirmed exploitable".
# NOTE(review): the page lost this listing's line breaks; they are restored
# here, including inside the multi-line strings where words had run together.

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration branch: declares the plugin's metadata and exits (exit(0))
# before any of the check logic below runs.
if (description)
{
  script_id(110722);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2018-12613");
  script_bugtraq_id(104532);

  script_name(english:"phpMyAdmin 4.8.x < 4.8.2 Vulnerability (PMASA-2018-4)");
  script_set_attribute(attribute:"synopsis", value:
"The remote web server hosts a PHP application that is affected by
file inclusion and remote code execution vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the phpMyAdmin
application hosted on the remote web server is 4.8.x prior to
4.8.2. It is, therefore, affected by the file inclusion and remote code execution vulnerabilities
Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.");
  # NOTE(review): the URL in the next value was cut on this page; only the
  # tail " -2018-4/" survives. It presumably pointed at the vendor advisory
  # PMASA-2018-4 named in script_name.
  script_set_attribute(attribute:"see_also", value:" -2018-4/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to phpMyAdmin version 4.8.2 or later.
Alternatively, apply the patch referenced in the vendor advisory.");
  # Au:S (CVSS2) and PR:L (CVSS3): the scored attack needs an authenticated,
  # low-privileged session rather than anonymous access.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-12613");
  # E:F in both temporal vectors and the exploit_framework_* flags below record
  # that functional exploits are published; that is a reason to prioritise the
  # upgrade beyond what the base score alone suggests.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"d2_elliot_name", value:"phpMyAdmin 4.8.1 RCE");
  script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'phpMyAdmin Authenticated Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/06/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/27");

  # Flagged as a potential finding; this goes together with the
  # Settings/ParanoidReport requirement and the report_paranoia gate below.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:phpmyadmin:phpmyadmin");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Relies on phpMyAdmin_detect.nasl to have recorded the install first.
  script_dependencies("phpMyAdmin_detect.nasl");
  script_require_keys("www/PHP", "installed_sw/phpMyAdmin", "Settings/ParanoidReport");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

# Run only when report_paranoia is at least 2; otherwise stop with
# AUDIT_PARANOID. Default scans therefore never show this finding.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

appname = "phpMyAdmin";
# exit_if_zero: stop when no phpMyAdmin install has been recorded.
get_install_count(app_name:appname, exit_if_zero:TRUE);
port = get_http_port(default:80, php:TRUE);
# exit_if_unknown_ver: an install without a version cannot be judged here.
install = get_single_install(app_name:appname, port:port, exit_if_unknown_ver:TRUE);
dir = install['path'];
url = build_url(qs:dir, port:port);
version = install['version'];

# A bare "4" or "4.8" does not say which 4.8.x release is running.
if (version =~ "^4(\.8)?$") audit(AUDIT_VER_NOT_GRANULAR, appname, port, version);
# Anything that is not 4.8.<digit>... is outside this plugin's scope.
if (version !~ "^4\.8\.[0-9]") audit(AUDIT_WEB_APP_NOT_INST, appname + " 4.8.x", port);

# Patterns for "-betaN" and "-rcN" suffixes, keyed -2 and -1 and passed to
# ver_compare as `regexes`; presumably they rank pre-releases below the final
# release (confirm against ver_compare).
re = make_array(
  -2, "-beta(\d+)",
  -1, "-rc(\d+)"
);

# Affected version
# 4.8.x < 4.8.2
cut_off = '4.8.0';
fixed_ver = '4.8.2';
# Report only when ver_compare returns -1 (taken here to mean the version lies
# at or above cut_off and below fixed_ver; confirm). Every other result
# audits out as not affected.
if (ver_compare(ver:version, minver:cut_off, fix:fixed_ver, regexes:re) == -1)
{
  report =
    '\n URL : ' + url +
    '\n Installed version : ' + version +
    '\n Fixed version : ' + fixed_ver +
    '\n';
  security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, appname, url, version);
The latest version of this script can be found in these locations depending on your platform:
Linux / Unix: /opt/nessus/lib/nessus/plugins/phpmyadmin_pmasa_2018_4.nasl
Windows: C:\ProgramData\Tenable\Nessus\nessus\plugins\phpmyadmin_pmasa_2018_4.nasl
Mac OS X: /Library/Nessus/run/lib/nessus/plugins/phpmyadmin_pmasa_2018_4.nasl
This page has been produced using Nessus Professional 10.1.2 (#68) LINUX, Plugin set 202205072148. Plugin file phpmyadmin_pmasa_2018_4.nasl version 1.9. For more plugins, visit the Nessus Plugin Library.
With the database password, an attacker could attempt to log in as the WordPress admin using the same password (if passwords were re-used). A more common attack vector would be to log in to the phpMyAdmin script if it is installed, as this uses the database credentials. If MySQL is exposed, it may even be possible to connect directly to the database using a MySQL database client and the leaked credentials.
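Access to the database gives the attacker options to reset the administrator password, attempt to crack the admin hash, or modify content in the database, for example by adding malicious JavaScript or iframes. There are many possibilities for further exploitation once the credentials in wp-config.php are leaked. For a defender, a leaked wp-config.php therefore means rotating the database password and the WordPress secret keys, and restricting access to phpMyAdmin and the MySQL port to trusted hosts.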
ID: 138595
Name: phpMyAdmin 4.x < 4.9.4 / 5.x < 5.0.1 SQLi (PMASA-2020-1)
Filename: phpmyadmin_pmasa_2020_1.nasl
Vulnerability Published: 2020-01-05
This Plugin Published: 2020-07-17
Last Modification Time: 2022-04-11
Plugin Version: 1.3
Plugin Type: remote
Plugin Family: CGI abuses
Dependencies: phpMyAdmin_detect.nasl
Required KB Items [?]: installed_sw/phpMyAdmin, www/PHP
Severity: High
Vulnerability Published: 2020-01-05
Patch Published: 2020-01-05
CVE [?]: CVE-2020-5504
CPE [?]: cpe:/a:phpmyadmin:phpmyadmin
# This is the phpmyadmin_pmasa_2020_1.nasl nessus plugin source code. This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# Reviewer summary: version-only check for the phpMyAdmin SQL injection
# tracked as CVE-2020-5504 (PMASA-2020-1). Unlike a paranoid-only plugin it
# requires no Settings/ParanoidReport key, so it reports in any scan where
# the detected version falls in one of the ranges below. Per its own
# description text, it does not attempt exploitation.
# NOTE(review): the page lost this listing's line breaks; they are restored
# here, including inside the multi-line strings where words had run together.

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration branch: declares the plugin's metadata and exits (exit(0))
# before any of the check logic below runs.
if (description)
{
  script_id(138595);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2020-5504");

  script_name(english:"phpMyAdmin 4.x < 4.9.4 / 5.x < 5.0.1 SQLi (PMASA-2020-1)");
  script_set_attribute(attribute:"synopsis", value:
"The remote web server hosts a PHP application that is affected by a SQL injection vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.x prior
to 4.9.4, or 5.x prior to 5.0.1. It is, therefore, affected by a SQL injection (SQLi) vulnerability in the user accounts
page. An authenticated, remote attacker can exploit this, by injecting custom SQL in place of their own username, to
inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary
data.
Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's
self-reported version number.");
  # NOTE(review): the URL in the next value was cut on this page; only the
  # tail " -2020-1/" survives. It presumably pointed at the vendor advisory
  # PMASA-2020-1 named in script_name.
  script_set_attribute(attribute:"see_also", value:" -2020-1/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to phpMyAdmin version 4.9.4, 5.0.1, or later. Alternatively, apply the patches referenced in the vendor
advisories.");
  # Au:S (CVSS2) and PR:L (CVSS3): the scored attack needs an authenticated,
  # low-privileged session, matching the description text above.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  # E:U: no exploit code was known when the vector was assigned.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-5504");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/01/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/17");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:phpmyadmin:phpmyadmin");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Relies on phpMyAdmin_detect.nasl to have recorded the install first.
  script_dependencies("phpMyAdmin_detect.nasl");
  script_require_keys("www/PHP", "installed_sw/phpMyAdmin");
  script_require_ports("Services/www", 80);

  exit(0);
}

include('http.inc');
include('vcf.inc');

port = get_http_port(default:80, php:TRUE);

appname = 'phpMyAdmin';

# Fetch the install record for phpMyAdmin on this port.
app_info = vcf::get_app_info(app:appname, port:port, webapp:TRUE);

# Two affected ranges, one per release branch, matching the plugin title
# ("4.x < 4.9.4 / 5.x < 5.0.1"). Presumably min_version is inclusive and
# fixed_version exclusive; confirm against vcf.inc.
constraints = [
  { 'min_version':'4.0.0', 'fixed_version':'4.9.4' },
  { 'min_version':'5.0.0', 'fixed_version':'5.0.1' }
];

# Compares and reports in one call; flags:{sqli:TRUE} presumably tags the
# finding as SQL injection (confirm against vcf.inc).
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{sqli:TRUE});