Re: Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior
On Tue, Feb 03, 2004 at 11:28:57AM +0100, Cedric Cochin wrote:
> - -- HTTP Request --
>
> http://[target]/[phpMyAdmin_directory]/export.php?what=../../../../../../etc/passwd%00
>
> - -- HTTP Request --
That's what "php_value include_path" is for. Most Sites running
phpmyadmin probably have users which not only can manage their
databases, but also put up php-code as they like. And of course
they can upload things like that:
http://seegras.discordia.ch/Programs/phpdir
Cheers
Peter Keel
--
Operator in charge of Security Tel +41 1 287 2993
Cyberlink Internet Services AG Fax +41 1 287 2991
Richard Wagnerstrasse 6 admin@xxxxxxxxxxxx
CH-8002 Zuerich http://www.cyberlink.ch