PoC of CVE-2017-1000499
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By tricking a user into clicking a crafted URL, an attacker can perform harmful database operations such as deleting records or dropping/truncating tables.
- Makefile
- web/index.html
git clone https://github.com/Villaquiranm/5MMISSI-CVE-2017-1000499.git
cd 5MMISSI-CVE-2017-1000499/
To build both containers you only need to type a single command.
make create
At this point you need to wait, because the PHP server and the database need to be configured. This delay is approximately one minute after a successful build.
- First go to Localhost.
- Type root as user and password. (If you get an error, it is because the server is still configuring itself.)
- Observe carefully all your database schemas.
- Assuming you are still in this repository, we will create a Python server to exploit this vulnerability.
cd web/
python -m SimpleHTTPServer 8888
- Go to Localhost:8888.
- Reload your database page (localhost).
make clean
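In this lab the page served on localhost:8888 is a different origin from phpMyAdmin on localhost, even though the hostname is the same. The following added example (not part of this repository) scans web server access-log lines for requests whose Referer origin differs from the phpMyAdmin origin; it assumes the "combined" log format and a trusted origin of http://localhost, and the sample log lines, paths and query strings are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Assumption: phpMyAdmin from this lab is served at this origin (default port 80).
TRUSTED_ORIGIN = ("http", "localhost", 80)
DEFAULT_PORTS = {"http": 80, "https": 443}

# "combined" access-log format: "METHOD target PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def origin(url):
    """Return (scheme, host, port) for a URL, or None if it has no usable origin."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    return (parts.scheme, parts.hostname.lower(), port or DEFAULT_PORTS[parts.scheme])

def classify(line):
    """Label a log line 'same-origin', 'cross-origin', 'no-referer' or 'unparsed'."""
    m = LINE_RE.search(line)
    if not m:
        return "unparsed"
    ref = origin(m.group("referer"))
    if ref is None:
        return "no-referer"
    # Compare the full origin: same hostname on another port is still foreign.
    return "same-origin" if ref == TRUSTED_ORIGIN else "cross-origin"

def cross_origin_requests(lines):
    """Return (method, target, referer) for every request sent from a foreign origin."""
    matches = (LINE_RE.search(l) for l in lines if classify(l) == "cross-origin")
    return [(m["method"], m["target"], m["referer"]) for m in matches]

# Constructed sample log lines (paths and query strings are placeholders).
SAMPLE_LOG = [
    '172.18.0.1 - - [01/Jan/2018:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"',
    '172.18.0.1 - - [01/Jan/2018:10:00:05 +0000] "POST /index.php HTTP/1.1" 302 0 "http://localhost/index.php" "Mozilla/5.0"',
    '172.18.0.1 - - [01/Jan/2018:10:02:11 +0000] "GET /page.php?placeholder=1 HTTP/1.1" 200 912 "http://localhost:8888/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in cross_origin_requests(SAMPLE_LOG):
        print("cross-origin request:", hit)
```

A missing Referer is reported separately as `no-referer` because a page can suppress the header, so its absence does not show that a request was legitimate.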