Bugtraq mailing list archives
Re: Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior
From: Security Admin <security () cyberlink ch>
Date: Thu, 5 Feb 2004 14:12:42 +0100
On Tue, Feb 03, 2004 at 11:28:57AM +0100, Cedric Cochin wrote:
> -- HTTP Request --
> http://[target]/[phpMyAdmin_directory]/export.php?what=../../../../../../etc/passwd%00
> -- HTTP Request --

That's what "php_value include_path" is for.

Most sites running phpMyAdmin probably have users who not only can manage their databases, but also put up PHP code as they like. And of course they can upload things like that:

http://seegras.discordia.ch/Programs/phpdir

Cheers
Peter Keel

--
Operator in charge of Security    Tel +41 1 287 2993
Cyberlink Internet Services AG    Fax +41 1 287 2991
Richard Wagnerstrasse 6           admin () cyberlink ch
CH-8002 Zuerich                   http://www.cyberlink.ch

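A log check for the request quoted in this message, as an added example that is not part of the original post or of phpMyAdmin: it flags requests to export.php whose `what` parameter decodes to a directory traversal or contains a NUL byte, including double-encoded forms. The Common Log Format layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request field of a Common Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A ".." path segment delimited by / or \ (or by the string boundaries)
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

# Constructed sample lines (documentation address ranges, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Feb/2004:14:00:01 +0100] "GET /phpMyAdmin/export.php?what=sql HTTP/1.0" 200 5120',
    '198.51.100.7 - - [05/Feb/2004:14:02:13 +0100] "GET /phpMyAdmin/export.php?what=../../../../../../etc/passwd%00 HTTP/1.0" 200 1374',
    '198.51.100.7 - - [05/Feb/2004:14:02:40 +0100] "GET /pma/export.php?what=%252e%252e%252f%252e%252e%252fetc%252fpasswd%2500 HTTP/1.0" 200 0',
    '192.0.2.10 - - [05/Feb/2004:14:03:00 +0100] "GET /phpMyAdmin/index.php?lang=en HTTP/1.0" 200 900',
]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_what(line):
    """Return the decoded 'what' value if a request to export.php carries
    a traversal sequence or a NUL byte, otherwise None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/export.php"):
        return None
    # parse_qs performs the first round of percent-decoding
    for raw in parse_qs(url.query, keep_blank_values=True).get("what", []):
        value = decode_fully(raw)
        if "\x00" in value or TRAVERSAL_RE.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_what(line)
        if value is not None:
            hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: what={value!r}")
```
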
Current thread:
- Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior Cedric Cochin (Feb 03)
- Re: Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior Security Admin (Feb 06)