BugTraq
PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting Dec 03 2006 07:26PM
ajannhwt hotmail com
************************************************************************
*************
# Title : PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting Vulnerability
# Author : ajann
# Contact : :(
# Tested : Just 2.7.0-pl2

************************************************************************
*************

[[CRLF]]]------------------------------------------------------

Files----

/css/phpmyadmin.css.php
/db_create.php
/index.php
/left.php
/libraries/session.inc.php
/libraries/transformations/overview.php
/querywindow.php
/server_engines.php
/...
/..

/Files----

Cookie:

->Open Cookie Editor
->Find the phpMyAdmin value
->Write it ;

phpMyAdmin=%0d%0aSet-Cookie%3Asome%3Dvalue

New Cookie => some=value

.....
..

[[/CRLF]]]

[[PATH]]]------------------------------------------------------

File----

//libraries/common.lib.php

/File----

[[/PATH]]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus