• Revista PROGRAMAR: Já está disponível a edição #53 da revista programar. Faz já o download aqui!


HTTP Backdoor - SQL injection in phpMyAdmin by means of XSRF

1 post in this topic

Muito bom para se aprender diversas técnicas... e um bom exemplo de "exploitation" para garantir accesso remoto pelo vector principal, o sempre aberto HTTP

backdoors XSS têm sido um dos principais mecanismos para garantir root remota com a particularidade de usar o vector que está quase sempre aberto

Exploit information:

This is a Remote php code execution PoC exploit.

The exploit is dropping a php backdoor into /var/www/backdoor.php,  this attack will not work on the newest Ubuntu or Fedora... machines due to AppArmor and SELinux respectively.

This is a XSRF attack to access SQL Injection so the same rules for

executing XSRF attacks still apply.

Steps for exploitation:

1)The Victim's browser must be authenticated to phpMyAdmin at the time

of attack.

2)You must know the URL to phpMyAdmin.

3)Finly,  to execute the attack the Victim's browser then needs to

view the malicious img tag:


uma demonstração em video muito interessante onde podem ver passo a passo e visualmente


teckV - hack the planet


Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now