PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Hiermenus
DatabaseJournal
Technology Jobs

IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Covalent Extends Apache 2.0 to Microsoft ASP.NET
ShopWorX - Support for Windows
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Network Risk Assessment
Full-Featured, Java-Based Apache GUI

Partners & Affiliates

In Case You Missed It...The Week of October 10, 2005
phpwiki - The Wiki for PHP Developers
Building Dynamic Pages With Search Engines in Mind
Importing Excel, Access or XML Data into MySQL Using Navicat
BinaryCloud: The Opensource Platformfor php Web Applications

[PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues From: Paul Burney (burney <email protected>)
Date: 07/03/01

Next message: scott [gts]: "RE: [PHP] second try - Mysql php install"
Previous message: Brian C. Doyle: "[PHP] IRC Gateway Functions"
In reply to: andreas \( <email protected>\): "[PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues"
Next in thread: Chris Anderson: "Re: [PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues"
Reply: Chris Anderson: "Re: [PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

on 7/3/01 5:47 AM, andreas ( <email protected>) (myviva <email protected>) wrote:

> ive got 3 servers (dedicated) with mysql 3.22.32 and above and phpMyAdmin
> 2.1.0 but i cant reproduce the vulnerability

> i use advanced uthentication

> http://ip/phpMyAdmin/sql.php?server=000cfgServers[000][host]=hello&btnDrop=N
> o&goto=/etc/passwd

If that URL is copied correctly, it might be because there's no "&" between
the server=000 and the cfgServers[000][host].

If not, maybe your particular configuration isn't vulnerable.

If you use a Apache Auth for access to the folder and normal auth in
phpmyadmin, you are not vulnerable to outsiders but *you* can still view a
server's sensitive files which can be really dangerous in a shared server
environment.

Sincerely,

Paul Burney

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-general-unsubscribe <email protected>
For additional commands, e-mail: php-general-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>

Next message: scott [gts]: "RE: [PHP] second try - Mysql php install"
Previous message: Brian C. Doyle: "[PHP] IRC Gateway Functions"
In reply to: andreas \( <email protected>\): "[PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues"
Next in thread: Chris Anderson: "Re: [PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues"
Reply: Chris Anderson: "Re: [PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]