Bug: Inforamtion Discloser Vulnerabilities "phpMyAdmin" ( Ascii Version )

Search:
WLB2

Inforamtion Discloser Vulnerabilities "phpMyAdmin"

Published
Credit
Risk
2007.01.07
Tal Argoni
Low
CWE
CVE
Local
Remote
N/A
CVE-2007-0095
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

Thanks in advance,
Tal Argoni,CEH
www.zion-security.com



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070102/35bbe963/attachment.html
-------------- next part --------------



?= Security Advisory =?

Issue: Remote Inforamtion Discloser Vulnerabilities in "phpMyAdmin".
Discovered Date: 02/01/2007
Author: Tal Argoni. [talargoni at gmail.com]
Product Vendor: http://www.phpmyadmin.net/

Details:

phpMyAdmin is prone to an Information Disclosure.
The vulnerability exists in the "darkblue_orange" visual theme,
caused by the lack of Poor configurations.

By requesting the file
http://www.example.com/phpMyAdmin/themes/darkblue_orange/layout.inc.php
The php return a Fatal error that disclose the full path of
the file on the server.


Exploitation URL:
http://www.example.com/phpMyAdmin/themes/darkblue_orange/layout.inc.php


Vulnerable: phpMyAdmin v2.9.1.1

Solution:

go to line 33 and comment the line.
//$GLOBALS['cfg']['MainBackground']....;

Proof Of Concept:

http://www.example.com/phpMyAdmin/themes/darkblue_orange/layout.inc.php




See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version