← All tools

CVE-2022-23808

https://github.com/dipakpanchal05/CVE-2022-23808

Free

Categories

Exploitation Web Application

Description

A series of weaknesses has been discovered that could allow an attacker to inject malicious code in to aspects of the setup script, which can allow XSS or HTML injection.

Keywords

bugbounty cross-site-scripting database exploit exploitation hacking infosec owasp owasp-top-10 pentesting phpmyadmin poc redteam redteaming vulnerability xss zeroday

Screenshots

Example Usage

GET /phpmyadmin/setup/index.php?page=servers&mode=test&id=test  HTTP/1.1      
Host: 127.0.0.1:1234       
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0      
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8      
Accept-Language: en-US,en;q=0.5     
Connection: close   
Cookie: pma_lang=en; phpMyAdmin=fs55xxxxxxx; pma_lang=en; pmaUser-1=xxxxxxxxxxxxxxxxxxxxxxxxxxx; phpMyAdmin=xxxxxxxxxxxxxxx; pmaAuth-1=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx           
Upgrade-Insecure-Requests: 1          
Cache-Control: max-age=0