phpMyAdmin 'layout.inc.php'信息破解漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1192232 漏洞类型 未知
发布时间 2007-01-05 更新时间 2007-01-05
CVE编号 CVE-2007-0095 CNNVD-ID CNNVD-200701-033
漏洞平台 N/A CVSS评分 5.0
|漏洞来源
https://www.securityfocus.com/bid/86779
https://cxsecurity.com/issue/WLB-2007010020
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200701-033
|漏洞详情
phpMyAdmin2.9.1.1远程攻击者可以借助一个对themes/darkblue_orange/layout.inc.php的直接请求,获得敏感信息。该直接请求会在出错信息中显示安装路径。
|漏洞EXP
 Thanks in advance,
Tal Argoni,CEH
www.zion-security.com

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070102/35bbe963/attachment.html 
-------------- next part --------------
                                                                                                                                                                                                                                                             
?= Security Advisory =?

Issue: Remote Inforamtion Discloser Vulnerabilities in "phpMyAdmin".
Discovered Date: 02/01/2007
Author: Tal Argoni. [talargoni at gmail.com]
Product Vendor: http://www.phpmyadmin.net/

Details:

phpMyAdmin is prone to an Information Disclosure.
The vulnerability exists in the "darkblue_orange" visual theme,
caused by the lack of Poor configurations.

By requesting the file
http://www.example.com/phpMyAdmin/themes/darkblue_orange/layout.inc.php
The php return a Fatal error that disclose the full path of
the file on the server.


Exploitation URL:
http://www.example.com/phpMyAdmin/themes/darkblue_orange/layout.inc.php


Vulnerable: phpMyAdmin v2.9.1.1
	    
Solution:

go to line 33 and comment the line.
//$GLOBALS['cfg']['MainBackground']....;

Proof Of Concept:

http://www.example.com/phpMyAdmin/themes/darkblue_orange/layout.inc.php




|受影响的产品
phpMyAdmin phpMyAdmin 2.9.1.1
|参考资料

来源:XF
名称:phpmyadmin-darkblueorange-path-disclosure(31223)
链接:http://xforce.iss.net/xforce/xfdb/31223
来源:OSVDB
名称:33257
链接:http://osvdb.org/33257
来源:FULLDISC
名称:20070102InforamtionDiscloserVulnerabilitiesinphpMyAdmin
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051544.html
来源:FULLDISC
名称:20070102InforamtionDiscloserVulnerabilitiesin"phpMyAdmin"
链接:http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0034.html
来源:MANDRIVA
名称:MDKSA-2007:199
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2007:199
来源:SREASON
名称:2104
链接:http://securityreason.com/securityalert/2104