FS-05-02.txt

FS-05-02.txt: Posted Nov 20, 2005; Authored by Toni Koivunen | Site fitsec.com; phpMyAdmin is susceptible to HTTP response splitting and path disclosure flaws.; tags | advisory, web; SHA-256 | 276bb54ac4016a353496481ef1ad8f22a98807ff7fb2fbe6ed62b6a6ade94f06; Download | Favorite | View

FS-05-02.txt

===============================================================================


_________________________________________
Security Advisory
_________________________________________
http://www.fitsec.com/advisories/FS-05-02.txt
_________________________________________

  Severity: Low/Medium
  Title: Multiple vulnerabilities in phpMyAdmin
  Date: 12.11.2005
  ID: FS-05-02
  Author: Toni Koivunen (toni.koivunen (at) fitsec.com)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Background:

phpMyAdmin is a tool written in PHP intended to handle the 
administration of MySQL over the Web. Currently it can create and drop 
databases, create/drop/alter tables, delete/edit/add fields, execute any 
SQL statement, manage keys on fields.

Affected versions:

Atleast 2.7.0-beta1, most likely others versions also.

Description:


Vuln 1:
Full Path Disclosures in the following files:

libraries/string.lib.php
libraries/storage_engines.lib.php
libraries/sqlparser.lib.php
libraries/sql_query_form.lib.php
libraries/select_theme.lib.php
libraries/select_lang.lib.php
libraries/relation_cleanup.lib.php
libraries/left_header.inc.php
libraries/import.lib.php
libraries/header_meta_style.inc.php
libraries/grab_globals.lib.php
libraries/get_foreign.lib.php 
(get_foreign.lib.php?field=foo&foreigners[foo]=foo)
libraries/display_tbl_links.lib.php 
(display_tbl_links.lib.php?doWriteModifyAt=left&edit_url=foo)
libraries/display_import.lib.php
libraries/display_export.lib.php
libraries/display_create_table.lib.php
libraries/display_create_database.lib.php
libraries/db_table_exists.lib.php
libraries/database_interface.lib.php
libraries/common.lib.php
libraries/check_user_privileges.lib.php
libraries/charset_conversion.lib.php 
(charset_conversion.lib.php?cfg[AllowAnywhereRecoding]=true&allow_recoding=true)
libraries/sqlvalidator.lib.php 
(libraries/sqlvalidator.lib.php?cfg[SQLValidator]=use=TRUE)
libraries/import/sql.php
libraries/fpdf/ufpdf.php
libraries/auth/cookie.auth.lib.php 
(libraries/auth/cookie.auth.lib.php?coming_from_common=true)




Vuln 2:
Http Response Splitting in libraries/header_http.inc.php

The script doesn't check for direct access. If register_globals
is on, it is possible for a remote attacker to cause http
response splitting.


Impact:

A remote attacker could exploit this to learn installation paths on
server.
The HTTP Response splitting vulnerability can lead to user compromise
amongst other things.





Status:
12.11.2005 Vulnerabilities found



Acknowledgements:
To the community at dievo.org, keep it up :)

Top Authors In Last 30 Days

Red Hat 205 files
Ubuntu 84 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

FS-05-02.txt

FS-05-02.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

FS-05-02.txt

Share This

FS-05-02.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems