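The phpMyAdmin page is a web interface built to make MySQL easier to access and manage once it has been installed.

It is generally accessed by developers to add users or to create and modify databases.

Therefore, if an unauthorized source IP accesses it, you should suspect a hacking attempt.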

 

1. phpMyAdmin login page

GET /phpmyadmin/ HTTP/1.1
Host: www.aaaa.com
Accept: text/html,application/xhtml,application/xml;q=0.9,image/webo,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate;q=1.0, identity;q=0
Referer: http://www.aaaaaa.com
User-Agaent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36

 

2. Risk

An attacker can inject malicious PHP code into the web server process, or obtain administrator privileges and damage the system.

 

 

※ Mitigation

1. Update phpMyAdmin to the latest version.

2. After installing phpMyAdmin, delete the setup.php file.


Addendum

GET /phpmyadmin/index.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0
Host: xxx.xxx.xxx.xxx
Connect: Keep-Alive
Cache-Control: no-cache
GET /dbadmin/index.php HTTP/1.1 
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0 
Host: xxx.xxx.xxx.xxx
Connect: Keep-Alive 
Cache-Control: no-cache
GET /web/phpMyAdmin/index.php HTTP/1.1 
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0 
Host: xxx.xxx.xxx.xxx
Connect: Keep-Alive 
Cache-Control: no-cache
GET /admin/pma/index.php HTTP/1.1 
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0 
Host: xxx.xxx.xxx.xxx
Connect: Keep-Alive 
Cache-Control: no-cache
GET /mysqladmin/index.php HTTP/1.1 
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0 
Host: xxx.xxx.xxx.xxx
Connect: Keep-Alive 
Cache-Control: no-cache
GET phpMyAdmin4.8.1/index.php HTTP/1.1 
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0 
Host: xxx.xxx.xxx.xxx
Connect: Keep-Alive 
Cache-Control: no-cache
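
A detection sketch for the two signals described above: phpMyAdmin access from a source IP outside the authorized range, and one client walking several admin directory names in a row. This is an added example, not part of the original post; the allowlist network, the log format (common/combined access log), the threshold and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: networks allowed to reach phpMyAdmin (constructed value).
ALLOWED_NETS = [ipaddress.ip_network("10.0.5.0/24")]

# Directory names taken from the requests shown on this page.
ADMIN_PATH = re.compile(r"(?:^|/)(?:phpmyadmin[^/]*|dbadmin|pma|mysqladmin)(?:/|$)", re.I)
# Access-log prefix: ip, ident, user, [time], "METHOD target proto", status
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '10.0.5.20 - - [01/Mar/2020:10:00:00 +0900] "GET /phpmyadmin/ HTTP/1.1" 200 4512',
    '203.0.113.7 - - [01/Mar/2020:10:00:01 +0900] "GET /phpmyadmin/index.php HTTP/1.1" 404 209',
    '203.0.113.7 - - [01/Mar/2020:10:00:01 +0900] "GET /dbadmin/index.php HTTP/1.1" 404 209',
    '203.0.113.7 - - [01/Mar/2020:10:00:02 +0900] "GET /admin/pma/index.php HTTP/1.1" 404 209',
    '203.0.113.7 - - [01/Mar/2020:10:00:02 +0900] "GET /blog/pma-notes.html HTTP/1.1" 200 880',
    '198.51.100.9 - - [01/Mar/2020:10:05:00 +0900] "GET /phpmyadmin/?lang=en HTTP/1.1" 200 4512',
    'malformed line',
]

def is_allowed(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable client field: treat as not authorized
    return any(addr in net for net in ALLOWED_NETS)

def find_probes(lines, scan_threshold=3):
    """Return {ip: {"paths": [...], "scan": bool}} for non-allowlisted clients."""
    hits = defaultdict(set)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        ip, _method, target, _status = m.groups()
        path = target.split("?", 1)[0].lower()  # drop query, fold case variants
        if ADMIN_PATH.search(path) and not is_allowed(ip):
            hits[ip].add(path)
    return {ip: {"paths": sorted(p), "scan": len(p) >= scan_threshold}
            for ip, p in hits.items()}

if __name__ == "__main__":
    for ip, info in find_probes(SAMPLE_LOG).items():
        kind = "path scan" if info["scan"] else "unauthorized access"
        print(ip, kind, info["paths"])
```

The status code is parsed but not used for the decision: a run of 404s on these paths means the scan missed, while a 200 from a non-allowlisted IP means the login page is reachable and deserves follow-up first.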