Jump to content
Nytro

phpMyAdmin 3.4.5

By Nytro, in Exploituri

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted (edited)

phpMyAdmin 3.4.5 – Full path disclosure in phpmyadmin.css.php

phpMyAdmin 3.4.5 suffers of insufficient input validation of the parameter js_frame in phpmyadmin.css.php, exposing

information that could be used in further attacks.

CVE Entry: CVE-2011-3646

CWE: CWE-20, CWE-200

PMASA ENTRY: PMASA-2011-15

=========

Description

The script returns an error message, containing the full path if the js_frame parameter is defined as an array.

=========

Exploit

No authentication needed to exploit this vulnerability.

http://example.com/path_to_phpmyadmin/phpmyadmin.css.php?js_frame[]=right

=========

Official fix

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d35cba980893aa6e6455fd6e6f14f3e3f1204c52

=========

Credits

Discovered by Mihail Ursu ( http://securitate.md/ ) on 12 Sep 2011.

=========

Disclosure Timeline

Reported to vendor on 12 Sep 2011.

Confirmation from vendor 21 Sep 2011.

Patch confirmation 4 Oct 2011.

Official fix and public disclosure 17 Oct 2011.

Sursa: http://seclists.org/fulldisclosure/2011/Oct/690

Poate fi foarte util. :)

Edited by Nytro

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...