Message-ID: <20040205131240.GA8496@dns1.cyberlink.ch>
Date: Thu, 5 Feb 2004 14:12:42 +0100
From: Security Admin <security@...erlink.ch>
To: bugtraq@...urityfocus.com
Subject: Re: Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior


On Tue, Feb 03, 2004 at 11:28:57AM +0100, Cedric Cochin wrote:
> - -- HTTP Request --
> 
> http://[target]/[phpMyAdmin_directory]/export.php?what=../../../../../../etc/passwd%00
> 
> - -- HTTP Request --

That's what "php_value include_path" is for. Most sites running
phpMyAdmin probably have users who not only can manage their
databases, but also put up PHP code as they like. And of course
they can upload things like that:

http://seegras.discordia.ch/Programs/phpdir

Cheers
Peter Keel
-- 
Operator in charge of Security        Tel +41 1 287 2993
Cyberlink Internet Services AG        Fax +41 1 287 2991
Richard Wagnerstrasse 6               admin@...erlink.ch
CH-8002 Zuerich                  http://www.cyberlink.ch
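As an added example (not code from phpMyAdmin or from either poster), the pattern that closes the hole shown in the quoted request: the `what` parameter is resolved through a fixed allowlist of export formats instead of being concatenated into an include path, so neither "../" segments nor a trailing null byte can select a file. The format table and directory layout are assumptions, not phpMyAdmin's.

```php
<?php
// Added example, not phpMyAdmin's own code. A request-driven include such as
// export.php?what=... must never build a filesystem path from the raw value.

// Hypothetical table of export formats -> script names (assumption; the real
// phpMyAdmin file layout is not given on the page).
const EXPORT_FORMATS = [
    'sql' => 'sql.php',
    'csv' => 'csv.php',
    'xml' => 'xml.php',
];

/**
 * Resolve a user-supplied export format to a script inside $baseDir.
 * Returns the full path, or null when the value is not an allowed format.
 */
function resolveExportScript(string $what, string $baseDir): ?string
{
    // Accept only a short plain identifier before the lookup. This rejects
    // embedded NUL bytes, slashes and dot segments in one step.
    if (!preg_match('/\A[a-z0-9_]{1,32}\z/', $what)) {
        return null;
    }
    if (!isset(EXPORT_FORMATS[$what])) {
        return null;
    }
    return rtrim($baseDir, '/') . '/' . EXPORT_FORMATS[$what];
}

// Vulnerable pattern, for contrast (do not use): the parameter is used
// directly, so "../../../../../../etc/passwd\0" escapes the export directory
// and the NUL byte cuts off whatever suffix the script appends.
// include './libraries/export/' . $_GET['what'] . '.php';

// Constructed inputs: one legitimate format, the traversal from the advisory,
// and a traversal hidden behind a valid prefix.
$inputs = [
    'sql',
    "../../../../../../etc/passwd\0",
    'csv/../../config.inc',
];
foreach ($inputs as $in) {
    $path = resolveExportScript($in, __DIR__ . '/libraries/export');
    printf("%-40s => %s\n", addcslashes($in, "\0"), $path ?? 'rejected');
}
```

Only the first input resolves to a path; the other two are rejected before any filesystem access, which is the property a `php_value include_path` setting alone does not give you.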

