(sorry if you receive this message twice).

About the phpMyAdmin exploit: it doesn't work with my configuration: I'm using phpMyAdmin 2.1.0 and I've modified sql.php3 and tbl_replace.php3 to correct a previous bug (I'm also using adv_auth).

** sql.php3 **

    if($num_rows < 1) {
        if(file_exists("./$goto")) {
            include("header.inc.php3");
            if(isset($zero_rows) && !empty($zero_rows))
                $message = $zero_rows;
            else
                $message = $strEmptyResultSet;
            include(preg_replace('/\.\.*/', '.', $goto));
        }

instead of:

    if(file_exists("$goto")) ...

Regards,
Such Paul

> I. The phpMyAdmin 2.1.0 holes
>
> There are two include() holes in phpMyAdmin 2.1.0 - this is the latest version
> but it may work on the older ones.
> These two holes can be reached with something like this:
>
> http://www.victim.com/phpMyAdmin/sql.php?goto=/etc/passwd&btnDrop=No (*)
> and
> http://www.victim.com/phpMyAdmin/tbl_replace.php?db=test&table=ess&goto=/etc/passwd
>
> Of course, to exploit these holes, the attacker needs to be logged on remote
> phpMyAdmin.
>
> These holes come from a line like this: 'include($goto);' in sql.php and in
> tbl_replace.php.
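Added example, not part of the original message and not phpMyAdmin code: one way to constrain an include target like $goto is to resolve it against a fixed allowlist, so that the value checked and the value included are the same string and no character filtering is needed. It is written for current PHP; the function name resolve_goto, the allowlisted script names, and the temporary directory are assumptions made for the demonstration.

```php
<?php
// Added example (not phpMyAdmin code): resolve a user-supplied $goto against
// a fixed allowlist instead of filtering characters out of the string.

/** Return the absolute path that may be included, or null to refuse. */
function resolve_goto(string $goto, string $baseDir, array $allowed): ?string
{
    // Exact, case-sensitive match on a bare script name: a value carrying a
    // directory part, a URL scheme, or a NUL byte is simply not in the list.
    if (!in_array($goto, $allowed, true)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $goto);
    if ($base === false || $path === false) {
        return null; // missing file or directory
    }
    // realpath() resolves symlinks, so confirm the target still sits directly
    // inside the application directory before handing it to include.
    if (dirname($path) !== $base) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary directory stands in for the application tree.
// The script names in the allowlist are assumptions chosen for illustration.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'goto_demo_' . getmypid();
mkdir($base);
$allowed = ['db_details.php3', 'tbl_properties.php3'];
foreach ($allowed as $name) {
    file_put_contents($base . DIRECTORY_SEPARATOR . $name, "<?php // stub\n");
}

// Constructed inputs: one allowlisted name, the value from the advisory,
// a relative-path variant, and an existing-looking script not on the list.
$inputs = ['tbl_properties.php3', '/etc/passwd', '../tbl_properties.php3', 'sql.php3'];
foreach ($inputs as $goto) {
    $target = resolve_goto($goto, $base, $allowed);
    printf("%-24s => %s\n", $goto, $target === null ? 'refused' : 'include ' . basename($target));
}

// Clean up the demo files.
array_map('unlink', glob($base . DIRECTORY_SEPARATOR . '*'));
rmdir($base);
```

A caller would run include on the returned path only when it is not null, and fall back to a fixed default page otherwise.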
This archive was generated by hypermail 2b30 : Mon Jul 02 2001 - 13:22:58 PDT