Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-



linux
Saturday, 18 Bahman 1382 (7 February 2004), 20:46
Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior

################################################################################
Summary :

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW. There is a vulnerability in the current stable version of phpMyAdmin that allows an attacker to retrieve arbitrary files from the webserver with the privileges of the webserver.

################################################################################
Details :

The export PHP script can be exploited to disclose arbitrary files using an
include() PHP call.

Vulnerable Systems:
* phpMyAdmin 2.5.5-pl1 and prior

Release Date :
February 2, 2004

Severity :
HIGH

################################################################################
Examples :

-------------------------------------------

I - Arbitrary File Disclosure
(HIGH Risk)

File impacted : export.php

// What type of export are we doing?
// $what is taken unchecked from the request; nothing restricts it to a plugin name
if ($what == 'excel') {
    $type = 'csv';
} else {
    $type = $what;
}

/**
 * Defines the url to return to in case of error in a sql statement
 */
require('./libraries/export/' . $type . '.php');

################################################################################
Vendor Status :

The information has been provided to the phpMyAdmin Project Managers.
A new release candidate 2.5.6-rc1 with fixes for this vulnerability is available.
--> http://www.phpmyadmin.net/home_page/
--> http://www.phpmyadmin.net/home_page/relnotes.php?rel=0

################################################################################
Credit :

Cedric Cochin, Security Engineer, netVigilance, Inc. (www.netvigilance.com) < cco@netvigilance.com >

----

Edited By Related Moderator
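The following is an added example, not part of the advisory above and not phpMyAdmin's own code. It reproduces the file-inclusion pattern quoted from export.php (a request-controlled value concatenated into a require() path) next to a hardened form that maps the request value onto a fixed allowlist of plugin names before building the path. The plugin names in the allowlist and the attacker inputs are assumed/constructed for illustration; they are not taken from the phpMyAdmin source or from the advisory.

```php
<?php
// Added example: the vulnerable require() pattern from export.php beside an
// allowlist-based fix. Not phpMyAdmin code; names and inputs are illustrative.

// Vulnerable pattern: $what arrives straight from the request and is
// concatenated into the path with only a fixed prefix and suffix around it.
function vulnerable_export_path(string $what): string
{
    $type = ($what === 'excel') ? 'csv' : $what;
    return './libraries/export/' . $type . '.php';
}

// Hardened pattern: the request value must match one of a fixed set of plugin
// names exactly (strict comparison), otherwise the caller must abort.
// The allowlist contents are an assumption for this example.
function safe_export_path(string $what): ?string
{
    $allowed = ['csv', 'sql', 'latex', 'xml'];
    $type = ($what === 'excel') ? 'csv' : $what;
    if (!in_array($type, $allowed, true)) {
        return null; // reject: never fall through to require() on user input
    }
    return './libraries/export/' . $type . '.php';
}

// Constructed attacker-controlled values of $what (not from the advisory):
$inputs = [
    'sql',                          // legitimate plugin name
    'excel',                        // mapped to csv by the script itself
    '../../config.inc',             // walks out of libraries/export/ to a
                                    // sibling .php file, e.g. the config
    "../../../../etc/passwd\0",     // NUL byte: PHP before 5.3.4 truncated
                                    // file paths at \0, dropping the '.php'
                                    // suffix and opening the raw file
];

foreach ($inputs as $what) {
    printf("%-34s vulnerable -> %s\n", json_encode($what), vulnerable_export_path($what));
    printf("%-34s hardened   -> %s\n", '', safe_export_path($what) ?? 'REJECTED');
}
```

The fixed suffix `.php` limits the vulnerable version to files ending in `.php` on a modern interpreter, which still includes the application's own configuration file holding the MySQL credentials; on the PHP versions current when the advisory was written, the NUL-byte truncation shown in the last input removed even that limit. The hardened function deliberately compares against a closed list rather than filtering out `../`, because an allowlist does not depend on enumerating every encoding of a traversal sequence.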