Mango of ha.xxor.se

2 exploits Active since Jul 2011

CVE-2011-2505 EXPLOITDB php WORKING POC

Phpmyadmin < 3.3.10.2 - Code Injection

libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability."

View Code

CVE-2011-2506 EXPLOITDB php WORKING POC

Phpmyadmin < 3.3.10.2 - Code Injection

setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.

View Code