PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Hiermenus
DatabaseJournal
Technology Jobs

IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Covalent Extends Apache 2.0 to Microsoft ASP.NET
ShopWorX - Support for Windows
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Network Risk Assessment
Full-Featured, Java-Based Apache GUI

Partners & Affiliates

PHP, XML, XSL, XPATH and Web Services
PHP and Adobe Flex
Test Driven Development in PHP
PHP4/Zend OverView
Using XML, a PHP Developer's Primer, Part 4: XML-RPC, PHP and Javascript

Re: [PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues From: Chris Anderson (chrisderson <email protected>)
Date: 07/03/01

Next message: Johnson, Kirk: "[PHP] session variables and page interrupt via a refresh"
Previous message: Chris Anderson: "Re: [PHP] password sanity checker"
In reply to: Paul Burney: "[PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues"
Next in thread: andreas \( <email protected>\): "Re: [PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues"
Reply: andreas \( <email protected>\): "Re: [PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

btw, that error looks more like a mysql setup / runtime problem. IE..is the
server running?
----- Original Message -----
From: "Paul Burney" <burney <email protected>>
To: "andreas ( <email protected>)" <myviva <email protected>>
Cc: "php mailing list 2" <php-general <email protected>>
Sent: Tuesday, July 03, 2001 11:51 AM
Subject: [PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues

> on 7/3/01 5:47 AM, andreas ( <email protected>) (myviva <email protected>) wrote:
>
> > ive got 3 servers (dedicated) with mysql 3.22.32 and above and
phpMyAdmin
> > 2.1.0 but i cant reproduce the vulnerability
>
> > i use advanced uthentication
>
> >
http://ip/phpMyAdmin/sql.php?server=000cfgServers[000][host]=hello&btnDrop=N
> > o&goto=/etc/passwd
>
> If that URL is copied correctly, it might be because there's no "&"
between
> the server=000 and the cfgServers[000][host].
>
> If not, maybe your particular configuration isn't vulnerable.
>
> If you use a Apache Auth for access to the folder and normal auth in
> phpmyadmin, you are not vulnerable to outsiders but *you* can still view a
> server's sensitive files which can be really dangerous in a shared server
> environment.
>
> Sincerely,
>
> Paul Burney
>
> +-------------------------+---------------------------------+
> | Paul Burney | P: 310.825.8365 |
> | Webmaster && Programmer | E: <webmaster <email protected>> |
> | UCLA -> GSE&IS -> ETU | W: <http://www.gseis.ucla.edu/> |
> +-------------------------+---------------------------------+
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: php-general-unsubscribe <email protected>
> For additional commands, e-mail: php-general-help <email protected>
> To contact the list administrators, e-mail: php-list-admin <email protected>
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-general-unsubscribe <email protected>
For additional commands, e-mail: php-general-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>

Next message: Johnson, Kirk: "[PHP] session variables and page interrupt via a refresh"
Previous message: Chris Anderson: "Re: [PHP] password sanity checker"
In reply to: Paul Burney: "[PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues"
Next in thread: andreas \( <email protected>\): "Re: [PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues"
Reply: andreas \( <email protected>\): "Re: [PHP] Re: [PHP-DB] PhpMyAdmin phpPgAdmin Security Issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]