Jul 08 2011

phpMyAdmin 3 Remote Code Execution Exploit

#!/usr/bin/env python
# coding=utf-8
# pma3 – phpMyAdmin3 remote code execute exploit
# Author: wofeiwo
# Thx Superhei
# Tested on: 3.1.1, 3.2.1, 3.4.3
# CVE: CVE-2011-2505, CVE-2011-2506
# Date: 2011-07-08
# Have fun, DO *NOT* USE IT TO DO BAD THING.
######################################################
# Requirements:
# 1. “config” directory must created & writeable in pma directory.
# 2. session.auto_start = 1 in php.ini configuration.
######################################################

Download: pma3-exec.txt