features

post news


(SMS/Articles)

search files, exploits & links sections:

featured download

GFI LANguard – Scan for and remediate security vulnerabilities. Now in FREEWARE!
Download here

logged users

active for last 5 minutes

registered users: 19450

There are currently 0 registered users and 24 guests browsing the website.

online chat
 server:
   irc.xor.cx
 channel:
   #neworder

random article
Architecture of Privacy
dataDec 12 2008

quotable quotes
Do every act of your life as if it were your last.
M. Aurelius

NO image gallery
Jul 26, 2009

lol.jpg / other stuff
click on the picture to enlarge and see description

read (0) / write comment

submit a picture to the gallery
Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior
@ Exploits -> Other     Feb 06 2004, 23:16 (UTC+0)
unsurreal writes: -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior

################################################################################
Summary :

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW. There is a vulnerability in the current stable version of phpMyAdmin that allows an attacker to retrieve arbitrary files from the webserver with privileges of the webserver..

################################################################################
Details :

The export PHP script can be exploited to disclose arbitrary file using a
include() PHP call.

Vulnerable Systems:
* phpMyAdmin 2.5.5-pl1 and prior

Release Date :
February 2, 2004

Severity :
HIGH

################################################################################
Examples :

-------------------------------------------

I - Arbitrary File Disclosure
(HIGH Risk)

File impacted : export.php

14:// What type of export are we doing?
15:if ($what == 'excel') {
16:    $type = 'csv';
17:} else {
18:    $type = $what;
19:}
20:
21:/**
22: * Defines the url to return to in case of error in a sql statement
23: */
24:require('./libraries/export/' . $type . '.php');

Exploit example:

- -- HTTP Request --

http://[target]/[phpMyAdmin_directory]/export.php?what=../../../../../../etc/passwd%00

- -- HTTP Request --

The vulnerability is available evenif PHP register_globals is set to off.

################################################################################
Vendor Status :

The information has been provided to the phpMyAdmin Project Managers.
A new release candidate 2.5.6-rc1 with fixes for this vulnerability is available.
- --> http://www.phpmyadmin.net/home_page/
- --> http://www.phpmyadmin.net/home_page/relnotes.php?rel=0

################################################################################
Credit :

Cedric Cochin, Security Engineer, netVigilance, Inc. (www.netvigilance.com) < cco@netvigilance.com >

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFAH3dJA9/8vqmWoYQRAjNoAJ4pGgoQBT9WoyPmbfw4h/6LkcjR6wCeNBj2
ekO25itz2ssIvwgf2WRb/4k=
=Yuh1
-----END PGP SIGNATURE-----

read comments (0) / write comment
printer-friendly version

Top of page