| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 17 Oct 2011 04:18:39 -0700 (PDT) From: Ursu Mihail <mishka.ursu@...oo.com> To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: phpMyAdmin 3.4.5 – Full path disclosure in phpmyadmin.css.php phpMyAdmin 3.4.5 suffers of insufficient input validation of the parameter js_frame in phpmyadmin.css.php, exposing information that could be used in further attacks. CVE Entry: CVE-2011-3646 CWE: CWE-20, CWE-200 PMASA ENTRY: PMASA-2011-15 ========= Description The script returns an error message, containing the full path if the js_frame parameter is defined as an array. ========= Exploit No authentication needed to exploit this vulnerability. http://example.com/path_to_phpmyadmin/phpmyadmin.css.php?js_frame[]=right ========= Official fix http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d35cba980893aa6e6455fd6e6f14f3e3f1204c52 ========= Credits Discovered by Mihail Ursu ( http://securitate.md/ ) on 12 Sep 2011. ========= Disclosure Timeline Reported to vendor on 12 Sep 2011. Confirmation from vendor 21 Sep 2011. Patch confirmation 4 Oct 2011. Official fix and public disclosure 17 Oct 2011. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists