Exploit CVE-2022-23808

th3.d1p4k
Published in InfoSec Write-ups
Feb 10, 2022

Hello cyber security enthusiast! This article is about my recently assigned CVE in a very popular database management tool. So, without any delay, let's start.

What is phpMyAdmin?

phpMyAdmin is a free and open-source administration tool for MySQL and MariaDB. As a portable web application written primarily in PHP, it has become one of the most popular MySQL administration tools, especially for web hosting services.

How to Identify?

You can identify phpMyAdmin instances by:

  • Directory brute forcing (e.g. /phpMyAdmin/)
  • Nmap (ports, e.g. 8081, 9090, 2086)
  • Shodan (query: http.component:phpMyAdmin)
  • Google Dork (Inurl:"/phpmyadmin/setup/index.php" Intitle:"phpMyAdmin"), etc.

Exploitation

Reference:

Acknowledgement: phpMyAdmin

Exploit: GitHub

CVE: CVE-2020-23808

Thank you for reading! 😊

Jay Hind, Vande Mataram 🇮🇳

Twitter: Dipak Panchal

Instagram: th3.d1p4k


Written by th3.d1p4k

Cybersecurity Enthusiast | Blogger | CAP (SecOps) | phpMyAdmin (CVE 2022-23808)
