Full Disclosure mailing list archives
[FS-05-02] Multiple vulnerabilities in phpMyAdmin
From: Toni Koivunen <toni.koivunen () fitsec com>
Date: Tue, 15 Nov 2005 13:53:50 +0200
=============================================================================== _________________________________________ Security Advisory _________________________________________ http://www.fitsec.com/advisories/FS-05-02.txt _________________________________________ Severity: Low/Medium Title: Multiple vulnerabilities in phpMyAdmin Date: 12.11.2005 ID: FS-05-02 Author: Toni Koivunen (toni.koivunen (at) fitsec.com) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Background:phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields.
Affected versions: Atleast 2.7.0-beta1, most likely others versions also. Description: Vuln 1: Full Path Disclosures in the following files: libraries/string.lib.php libraries/storage_engines.lib.php libraries/sqlparser.lib.php libraries/sql_query_form.lib.php libraries/select_theme.lib.php libraries/select_lang.lib.php libraries/relation_cleanup.lib.php libraries/left_header.inc.php libraries/import.lib.php libraries/header_meta_style.inc.php libraries/grab_globals.lib.phplibraries/get_foreign.lib.php (get_foreign.lib.php?field=foo&foreigners[foo]=foo) libraries/display_tbl_links.lib.php (display_tbl_links.lib.php?doWriteModifyAt=left&edit_url=foo)
libraries/display_import.lib.php libraries/display_export.lib.php libraries/display_create_table.lib.php libraries/display_create_database.lib.php libraries/db_table_exists.lib.php libraries/database_interface.lib.php libraries/common.lib.php libraries/check_user_privileges.lib.phplibraries/charset_conversion.lib.php (charset_conversion.lib.php?cfg[AllowAnywhereRecoding]=true&allow_recoding=true) libraries/sqlvalidator.lib.php (libraries/sqlvalidator.lib.php?cfg[SQLValidator]=use=TRUE)
libraries/import/sql.php libraries/fpdf/ufpdf.phplibraries/auth/cookie.auth.lib.php (libraries/auth/cookie.auth.lib.php?coming_from_common=true)
Vuln 2: Http Response Splitting in libraries/header_http.inc.php The script doesn't check for direct access. If register_globals is on, it is possible for a remote attacker to cause http response splitting. Impact: A remote attacker could exploit this to learn installation paths on server. The HTTP Response splitting vulnerability can lead to user compromise amongst other things. Status: 12.11.2005 Vulnerabilities found Acknowledgements: To the community at dievo.org, keep it up :) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [FS-05-02] Multiple vulnerabilities in phpMyAdmin Toni Koivunen (Nov 15)