[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] phpMyAdmin 3.4.5 – Full path disclosure in phpmyadmin.css.php

To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] phpMyAdmin 3.4.5 – Full path disclosure in phpmyadmin.css.php
From: Ursu Mihail <mishka.ursu@xxxxxxxxx>
Date: Mon, 17 Oct 2011 04:18:39 -0700 (PDT)


phpMyAdmin 3.4.5 suffers of insufficient input validation of the parameter 
js_frame in phpmyadmin.css.php, exposing information that could be used in 
further attacks.

CVE Entry: CVE-2011-3646
CWE:  CWE-20, CWE-200
PMASA ENTRY: PMASA-2011-15

=========
Description

The script returns an error message, containing the full path if the js_frame 
parameter is defined as an array.


=========
Exploit

No authentication needed to exploit this vulnerability.
http://example.com/path_to_phpmyadmin/phpmyadmin.css.php?js_frame[]=right


=========
Official fix


http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d35cba980893aa6e6455fd6e6f14f3e3f1204c52


=========
Credits


Discovered by Mihail Ursu ( http://securitate.md/ )  on 12 Sep 2011.


=========
Disclosure Timeline


Reported to vendor on 12 Sep 2011.
Confirmation from vendor 21 Sep 2011.
Patch confirmation 4 Oct 2011.
Official fix and public disclosure 17 Oct 2011.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [Announcement] ClubHack Magazine - Call for Articles
Next by Date: Re: [Full-disclosure] Meet the Guy Who Snitched on Occupy Wall Street to the FBI and NYPD
Previous by thread: [Full-disclosure] [Announcement] ClubHack Magazine - Call for Articles
Next by thread: [Full-disclosure] [ MDVSA-2011:151 ] libpng
Index(es):
- Date
- Thread