PHP CGI ARGUMENT INJECTION

First we navigate to the phpmyadmin page on the webserver and check to see if its vulnerable by typing (?-s) in the URL bar or the browser.



By doing this we have confirmed it is vulnerbale and now its time to exploit it.

I used the loit/multi/http/php_cgi_arg_injection exploit
and the php/meterpreter/reverse_tcp payload.




I set up the required options (LHOST, RHOST) and fired the exploit.



How to fix it ?

Use an updated verison of phpmyadmin
www.000webhost.com