PHP code injection in phpMyAdmin setup.php

This repository contains a Python script (x.py) that is a port of an old Perl scanner/exploit for a phpMyAdmin vulnerability from around 2009. The script takes a list of target hosts and attempts to access the /phpmyadmin/scripts/setup.php endpoint on each, checking for signs of a vulnerable phpMyAdmin installation. If found, it extracts a CSRF token and version information from the response, crafts a serialized PHP object payload (potentially for remote file inclusion or code execution), and sends it via a POST request to the same endpoint. The script uses multithreading to scan multiple hosts in parallel and reports which hosts are vulnerable, including the detected phpMyAdmin version. The main exploit logic is contained in x.py, and there are no other code files. The script is operational and could be used to identify and exploit vulnerable phpMyAdmin instances, but it targets a very old vulnerability and is primarily of historical or educational interest.

This repository contains a Bash proof-of-concept exploit for CVE-2009-1151, a remote code execution vulnerability in phpMyAdmin versions 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1. The exploit targets phpMyAdmin installations where the setup wizard was used and the /config/ directory remains present. The main script, minervais.com.phpMyAdminRCE.sh, automates the exploitation process by sending crafted POST requests to /scripts/setup.php to inject PHP code into config.inc.php. Once injected, the attacker can execute arbitrary shell commands or PHP code via HTTP GET parameters to config.inc.php. The repository includes a README with usage instructions and a demonstration. The exploit requires curl and is operational against network-accessible phpMyAdmin instances. No fake or detection-only scripts are present; the code is a functional exploit.