CVE-2015-6830

phpMyAdmin 4.3.x-4.3.13.1 & 4.4.x-4.4.14.0 - Brute-Force Protection Bypass via reCaptcha

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-6830. PoCs published by Nikola Markovic.

AI-analyzed exploit summary: This exploit targets a brute-force login bypass vulnerability in phpMyAdmin versions >3.0 and <4.3.13.2/4.4.14.1. It attempts to authenticate as 'root' with a predefined password list by extracting and reusing session tokens.

Description

libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha.

Exploits (1)

exploitdb WORKING POC
by Nikola Markovic · python · remote · php
https://www.exploit-db.com/exploits/52414

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: phpMyAdmin >3.0 & 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1
No auth needed
Prerequisites: Target URL with vulnerable phpMyAdmin instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/76674
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3382
Patch, Vendor Advisory x_refsource_confirm
https://www.phpmyadmin.net/security/PMASA-2015-4/
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166294.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166531.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166307.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033546

Scores

EPSS 0.2122
EPSS Percentile 95.8%

Details

CWE CWE-200
Status published
Products (32)
phpmyadmin/phpmyadmin 4.3.0
phpmyadmin/phpmyadmin 4.3.1
phpmyadmin/phpmyadmin 4.3.2
phpmyadmin/phpmyadmin 4.3.3
phpmyadmin/phpmyadmin 4.3.4
phpmyadmin/phpmyadmin 4.3.5
phpmyadmin/phpmyadmin 4.3.6
phpmyadmin/phpmyadmin 4.3.7
phpmyadmin/phpmyadmin 4.3.8
phpmyadmin/phpmyadmin 4.3.9
... and 22 more
Published Sep 14, 2015
Tracked Since Feb 18, 2026