PHPMiniAdmin 1.9 Database Open No-Secure Exploit

2019.03.04

Negat1ve1337 (ID)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: inurl:phpminiadmin

[+]Exploit Title: PHPMiniAdmin 1.9 Database Open No-Secure Exploit
[+]Author: Negat1ve | negat1ve1337.root@gmail.com
[+]Team: -1
[+] Creator: Oleg Savchuk
[+]Goolge Dork: 

inurl:phpminiadmin.php

[+]Tested on: Mito Android Device
======================================= 
[+]Proof Of Concept: 

Find some site with no-login Database
Risk: Leaked Data, Write Data, Drop Data, etc

Example: 
https://karmickdev.com/salon/db/phpminiadmin.php

The database will opened, click "show tables" then do what you want with the database

NB: Need to learn MYSQL language to operate

Greetz: Electronic Thunderbolt Team - Giant-ps - Anonymous arabe - special for Posit1ve ( my gf )

References:

Myself and my gf

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

PHPMiniAdmin 1.9 Database Open No-Secure Exploit

Dork: inurl:phpminiadmin

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.