Bugtraq mailing list archives
Re: [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion
From: "Calum Power" <enune () fribble net>
Date: Sat, 26 Feb 2005 11:37:14 +1100 (EST)
> This bug exists in css/phpmyadmin.css.php. You can include files. The error exists in:
>
> Code:
> - ------
> $tmp_file = $GLOBALS['cfg']['ThemePath'] . '/' . $theme . '/css/theme_right.css.php';
> if (@file_exists($tmp_file)) {
>     include($tmp_file);
> } // end of include theme_right.css.php
> - ------
>
> And now you can get files.
Incorrect. This is NOT a 'remote' file inclusion (due to the file_exists call), unless of course the affected user is running >= PHP 5.0. It is usually good practice to state this in an advisory. Please see Appendix L at http://www.php.net/manual/en/wrappers.php
> 1.1 Or the next include is in libraries/database_interface.lib.php
>
> Code:
> - ---
> require_once('./libraries/dbi/' . $cfg['Server']['extension'] . '.dbi.lib.php');
> - ---
Also incorrect. The call to require_once passes the absolute path './libraries/dbi/' before the variable is involved. This is a LOCAL file inclusion vulnerability.
> - --- 5. Contact ---
> Author: Maksymilian Arciemowicz
> Location: Poland (Jelenia Gora), Luxembourg (Bereldange)
> Email: max [at] jestsuper [dot] pl
> GPG-KEY: http://security.jestsuper.pl
> http://securityreason.com/ Team
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.6 (FreeBSD)
>
> iD8DBQFCHR89znmvyJCR4zQRAtj3AJ4wxM3WEn56GNohsG3f4U8Ku+/I8wCeMWQr
> YklTAm82iDqNu3so1uYsmEk=
> =ko9x
> -----END PGP SIGNATURE-----
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nullum magnum ingenium sine mixtura dementiae fuit
[There is no great genius without some touch of madness]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Calum Power - Cultural Jammer - Security Enthusiast - Hopeless Cynic
enune () fribble net
http://www.fribble.net
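Added example, not phpMyAdmin's code and not part of either post above: a hardened form of the quoted theme include. The point of the thread is that a file_exists() gate only stops paths the wrapper cannot stat, so a local path built from an attacker-controlled $theme still reaches include(); the fix is to constrain $theme itself and confirm the resolved file sits under the theme root. It assumes PHP 7+ and a `themes` directory beside the script; resolve_theme_css() and the default theme name are my own names.

```php
<?php
// Hardened replacement for the pattern quoted from css/phpmyadmin.css.php.
// Instead of concatenating $theme into a path and trusting file_exists(),
// reject anything that is not a bare directory name and verify the
// resolved file lives inside the theme root before including it.

function resolve_theme_css(string $themePath, string $theme): ?string
{
    // 1. Only a bare directory name is acceptable: letters, digits, '_' and '-'.
    //    This rejects path separators, '..', NUL bytes and any "scheme://" prefix,
    //    so neither a local file elsewhere on disk nor a wrapper URL can be named.
    if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $theme)) {
        return null;
    }

    // 2. Canonicalise both the theme root and the candidate and require the
    //    candidate to be strictly below the root (this also catches symlink escapes).
    $root      = realpath($themePath);
    $candidate = realpath($themePath . '/' . $theme . '/css/theme_right.css.php');
    if ($root === false || $candidate === false) {
        return null;   // theme directory or CSS file does not exist
    }
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;   // resolved outside the theme root
    }
    return $candidate;
}

// Usage: include only what the resolver returns, never the raw $theme value.
$themePath = __DIR__ . '/themes';            // assumption: themes live beside this script
$theme     = $_GET['theme'] ?? 'original';   // 'original' is a constructed default
$tmp_file  = resolve_theme_css($themePath, $theme);
if ($tmp_file !== null) {
    include $tmp_file;
} else {
    http_response_code(400);
    echo "/* invalid theme */\n";
}
```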
Current thread:
- [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4 Maksymilian Arciemowicz (Feb 24)
- Re: [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion Calum Power (Feb 26)