PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification detection rule

2010.12.06에 나온 phpmyadmin exploit

 

PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification

http://www.exploit-db.com/exploits/15699/

 

POC :

http://127.0.0.1/phpmyadmin/error.php?type=This+is+a+client+side+hole+evidence&error=Client+side+attack+via+characters+injection[br]It%27s+possible+use+some+special+tags+too[br]Found+by+Tiger+Security+Tiger+Team+-+[a%40http://www.tigersecurity.it%40_self]This%20Is%20a%20Link[%2Fa]

 

테스트화면 :

탐지 룰 :

 

alert tcp any any -> any 80 (flow:established, to_server; content:”/error.php”; pcre:”/\/error.php[^\r\n]+\x26error\x3d[^\x26]+http\x3a\x2f\x2f/is”;)

Advertisements

About this entry