PhpMyAdmin Server Import Page - Detect

ID: pma-server-import

Severity: high

Author: Cristi vlad (@cristivlad25)

Tags: phpmyadmin,misconfig

Description

Multiple phpMyAdmin server import pages were detected.

YAML Source

id: pma-server-import

info:
  name: PhpMyAdmin Server Import Page - Detect
  author: Cristi vlad (@cristivlad25)
  severity: high
  description: Multiple phpMyAdmin server import pages were detected.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-200
  metadata:
    max-request: 10
  tags: phpmyadmin,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}{{paths}}"
    payloads:
      paths:
        - "/pma/server_import.php"
        - "/phpmyadmin/server_import.php"
        - "/phpMyAdmin 2/server_import.php"
        - "/db/server_import.php"
        - "/server_import.php"
        - "/PMA/server_import.php"
        - "/admin/server_import.php"
        - "/admin/pma/server_import.php"
        - "/phpMyAdmin/server_import.php"
        - "/admin/phpMyAdmin/server_import.php"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        condition: and
        words:
          - "File to import"
          - "Location of the text file"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100d0d20705e64eb9937cf60e7ce1c80e7e93230786792bba179e569576710752ed02205f7b6474b7020c208b259ea6d4bb0b67ee7af1e53cf80806dea5a5f804811f79:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/misconfiguration/phpmyadmin/phpmyadmin-server-import.yaml"

View on Github