misc update and moving files around

2026-02-05 18:23:57 +08:00 · 2021-10-16 01:06:37 +05:30
parent 7bbfd6f87b
commit dd106dcb8f
3 changed files with 4 additions and 1 deletions
--- a/misconfiguration/phpmyadmin/phpmyadmin-sql.php-server.yaml
+++ b/misconfiguration/phpmyadmin/phpmyadmin-sql.php-server.yaml
@@ -0,0 +1,26 @@
+id: phpmyadmin-misconfiguration
+
+info:
+  name: Sensitive data exposure
+  author: pussycat0x
+  severity: high
+  description: Unauthenticated phpmyadmin leads to exposure of sensitive information
+  reference: https://www.exploit-db.com/ghdb/6997
+  tags: phpmyadmin,misconfig
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/phpmyadmin/index.php?db=information_schema"
+      - "{{BaseURL}}/phpMyAdmin/index.php?db=information_schema"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "var db    = 'information_schema';"
+          - "var opendb_url = 'db_structure.php';"
+        condition: and
+      - type: status
+        status:
+          - 200