Re: Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior

[Security Admin <security () cyberlink ch>]

On Tue, Feb 03, 2004 at 11:28:57AM +0100, Cedric Cochin wrote:
> - -- HTTP Request --
>
> http://[target]/[phpMyAdmin_directory]/export.php?what=../../../../../../etc/passwd%00
>
> - -- HTTP Request --

That's what "php_value include_path" is for. Most Sites running 
phpmyadmin probably have users which not only can manage their
databases, but also put up php-code as they like. And of course
they can upload things like that:

http://seegras.discordia.ch/Programs/phpdir

Cheers
Peter Keel
-- 
Operator in charge of Security        Tel +41 1 287 2993
Cyberlink Internet Services AG        Fax +41 1 287 2991
Richard Wagnerstrasse 6               admin () cyberlink ch
CH-8002 Zuerich                  http://www.cyberlink.ch