Strona 1 z 2 12 OstatniOstatni
Pokaż wyniki 1 do 10 z 13

Temat: Dziura w XAMPP - user PMA bez hasla

  1. #1
    Zarejestrowany
    Aug 2009
    Postów
    2

    Domyślnie Dziura w XAMPP - user PMA bez hasla

    Podobno da się zawładnąć serwerem z zainstalowanym xamppem przez luke w zabezpieczeniach xamppa - a dokladniej, usera PMA bez hasla. tu cytat:

    I found a "security vulnerability" in phpMyAdmin which comes with XAMPP. The control user pma comes with an empty password as default, and XAMPP does not alert the user about this.

    The user pma has more permissions than it should have.
    I teraz o jakie uprawnienia chodzi? Szukalem ale nigdzie nie idzie tego znaleźć.

  2. #2
    Zarejestrowany
    Jun 2006
    Skąd
    rand(.eu)
    Postów
    8,748

    Domyślnie

    Najprosciej zainstaluj XAMPP i sam sprawdz o co chdzi
    ctrl-alt-del.cc - soft reset site for IT admins and other staff :-)

  3. #3
    Zarejestrowany
    Aug 2009
    Postów
    2

    Domyślnie

    mam zainstalowanego. Próbowałem coś zrobić, ale nic nie wychodzi. probowalem przez SELECT 'kod shella' INTO OUTFILE c:\xampp~, ale user PMA nie ma do tego uprawnień - jedno wiem, na 100% da się jakoś wykorzystać PMA żeby zdobyć roota, bno juz widziałem takie przypadki.

  4. #4
    Avatar GSG-9
    GSG-9 jest offline Shapeshifter
    Zarejestrowany
    Jul 2007
    Skąd
    C:\Perl\bin
    Postów
    1,578

    Domyślnie

    The user pma has more permissions than it should have.
    Kod:
    SELECT 'kod shella' INTO OUTFILE c:\xampp~
    nie sadzisz ze nie chodzi o windowsa?
    War, war never changes.

  5. #5
    Zarejestrowany
    Feb 2009
    Skąd
    Rzeszów
    Postów
    18

    Domyślnie

    Damn I am so interested about this, doesn't anybody know how to use this PMA user? I know they can gain root password with it.

    I found only this, but I dont know how to use it in Xampp for windows.
    http://bugs.gentoo.org/show_bug.cgi?id=88831
    >> Ponad Twoim zrozumieniem, twarzą w twarz z przeznaczeniem <<

  6. #6
    Zarejestrowany
    Jun 2006
    Skąd
    rand(.eu)
    Postów
    8,748

    Domyślnie

    Cytat Napisał adamus_1234 Zobacz post
    I know they can gain root password with it.
    I found only this, but I dont know how to use it in Xampp for windows.
    root in windows - good luck!
    ctrl-alt-del.cc - soft reset site for IT admins and other staff :-)

  7. #7
    Zarejestrowany
    Feb 2009
    Skąd
    Rzeszów
    Postów
    18

    Domyślnie

    Cytat Napisał TQM Zobacz post
    root in windows - good luck!
    Well, I mean the user root in Phpmyadmin which comes with Xampp. Seriously nobody doesn't know? I know PMA user has these rights:

    GRANT SELECT, INSERT, UPDATE, DELETE ON phpmyadmin.* TO 'pma'@'localhost';
    >> Ponad Twoim zrozumieniem, twarzą w twarz z przeznaczeniem <<

  8. #8
    Zarejestrowany
    Jan 2008
    Postów
    139

    Domyślnie

    UPDATE user SET password=PASSWORD("the-new-root-password") WHERE User='root';
    flush privileges;

  9. #9
    Zarejestrowany
    Feb 2009
    Skąd
    Rzeszów
    Postów
    18

    Domyślnie

    UPDATE user SET password=PASSWORD("asdasd") WHERE User='root';
    #1146 - Table 'phpmyadmin.user' doesn't exist
    Had to delete the part with the "FLUSH" command, because it seems that we can't "FLUSH" with user PMA.

    Then I decided to add this "#" before the command. Managed to run the query, but when I tried to login, it didn't work

    Your SQL query has been executed successfully
    C'mon guys, let's solve this. There seems to be lot of people to know about it in other forums, but they are selfish! Haha!
    Ostatnio edytowane przez adamus_1234 : 09-02-2009 - 18:58
    >> Ponad Twoim zrozumieniem, twarzą w twarz z przeznaczeniem <<

  10. #10
    Zarejestrowany
    Jan 2008
    Postów
    139

    Domyślnie

    surely noone will put it on public board cos they dont want do just every1 to know, I honestly dunno cos I never tried it, maybe u re trying on already secured server?

    i found

    ========================================
    Beating so called "secured" PMA servers
    By: Ian Cummings aka d2mmn
    =======================================
    iNLiZE CreW
    =======================================
    Say we come across a site running phpmyadmin with default user. We get inside, and click PHP-Information, and we get a 421 error. Or perhaps PHP-Information isn't even present. Lets see if we can get around that. Click on "Databases". Then once the screen loads click the "Variables" tab on top. Scroll down a little ways until you come across this line:

    basedir:

    Here it tells us where the mysql is running (ex. basedir c:\wamp\mysql\) Now, lets say we wanted to exploit this. Our only reason to gather the directory of PMA is to write our shell to a .php file. So lets take a couple guesses:

    c:\wamp\phpmyadmin\
    c:\wamp\www\phpmyadmin\


    We use those directories when trying to write our shell, and we get success! A little bit of luck and guessing and we are in. This will not work on all PMA's and probably won't work on many. However, just another vulnerability involved if you leave your PMA with default root user.

    -d2

    p.s. Sorry if this is in the wrong forum, wasn't exactly sure where to put it.


    Go to Privileges>edit root>localhost

    Check out the section below that's called Change Login Information / Copy User

    Should be the following:
    User name:>Use text field:>root
    Host:>local>localhost
    Password: Choices>Do not change password>No password>Use text field
    Select No Password - to delete your current password
    Select Use text field - to change the password
    The other choice is self explanatory.
    config.inc.php
    $cfg['Servers'][$i]['password'] = 'NEW_ROOT_PASSWORD';

Strona 1 z 2 12 OstatniOstatni

Podobne wątki

  1. Xampp
    By bagerek in forum PHP/CGI/ASP/JSP/J2EE
    Odpowiedzi: 7
    Autor: 02-07-2009, 11:58
  2. BT3 +nowy user
    By Elber in forum Linux
    Odpowiedzi: 0
    Autor: 06-04-2008, 19:56
  3. User versus Mouse
    By hedVB in forum Off Topic
    Odpowiedzi: 21
    Autor: 02-22-2008, 22:14
  4. user
    By pablox in forum /dev/null
    Odpowiedzi: 2
    Autor: 06-19-2007, 17:59

Zasady Postowania

  • Nie możesz zakładać nowych tematów
  • Nie możesz pisać wiadomości
  • Nie możesz dodawać załączników
  • Nie możesz edytować swoich postów
  •  
Subskrybuj