PRP: Request phpMyAdmin Sensitive data exposure

google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.

Apache License 2.0

872 stars 176 forks source link

PRP: Request phpMyAdmin Sensitive data exposure #49

Closed pussycat0x closed 3 years ago

pussycat0x commented 3 years ago

Vulnerability details:

Type: Unauthenticated PHPMyAdmin leads to exposure of sensitive information Score: High References:

https://www.exploit-db.com/ghdb/6997

The vulnerability should be remotely exploitable without authentication and user interaction. Yes The detector should provide a reliable false-positive free detection report. Yes The vulnerability should have a relatively large impact radius. Yes, phpMyAdmin Please let me know if this is in scope as I've already made the development.

magl0 commented 3 years ago

Hi @pussycat0x, detector for this vulnerability has already been implemented internally and Google plans to release it to the public shortly. Thus this request is not in scope for the reward program.