Metasploit mailing list archives

phpmyadmin exploit not working for me, anyone have any ideas?


From: martin <nighthawk2600 () gmail com>
Date: Sun, 26 Jun 2011 00:50:46 -0700

Hello everyone,

I have a unique situation: I have a friend who is running a webserver with phpMyAdmin and he has been hacked. He asked me if I could help him figure out how the hacker accomplished this; apparently he told him he did it using a phpMyAdmin exploit. So I tried using msfconsole (with my friend's permission) to figure out which exploit/payload the guy used to hack into my friend's webserver. I know for a fact that he is using phpMyAdmin; when you load his IP address into a web browser with the right directory you get this:

Welcome to phpMyAdmin 2.10.1

So here is what I tried:

msf> search phpmyadmin

msf> use /path/to/phpmyadmin exploit

msf> show options

msf > set RHOST ip address

msf > set URI /path

msf> show payloads

msf > use certain payload

msf> set options for payload

msf> exploit

[*] Started reverse handler on 192.168.1.6:4444
[*] Grabbing session cookie and CSRF token
[*] Sending save request
[*] Requesting our payload
[*] Exploit completed, but no session was created.
msf exploit(phpmyadmin_config) > exit

Now I tried every available payload that will work with the phpMyAdmin exploit, however nothing worked. Now I know that in general terms, when it tells you that the exploit completed but no session was created, then more than likely the application is not vulnerable; however, shouldn't phpMyAdmin version 2.10.1 be vulnerable to this exploit? I am new to Metasploit, so I am reaching out to you more experienced users for any input that you might have on this situation. I really would like to help my friend figure out exactly how this happened. So if anyone has any ideas I would love to hear them.

Oh, and so you know, he is running a Linux box with no firewall at the moment.

Thank you all for your time.


