Hi Michal!
I can still browse in phpMyAdmin directory - this should be fixed.
Yes, the default docpath should point to the docSQL directory.
But only because the base directory for DocSQL uploads has no subdirectory of its own and
thereby starts in the phpMyAdmin root. We should therefore change the main docpath
from this:
$docpath = $DOCUMENT_ROOT . dirname($PHP_SELF) . '/' .
eregi_replace('\.\.*', '.', $docpath);
into this:
$docpath = $DOCUMENT_ROOT . dirname($PHP_SELF) . '/docSQL/' .
eregi_replace('\.\.*', '.', $docpath);
But this has some follow-up issues and needs some looking-into. I'm too tired to do
this today, so next time :)
Most actions need a valid 'session' to execute cross-site scripting, which is not *that* serious.
Maybe even worse, you can include JavaScript that will read cookies with login and password...
I don't know if I understand that correctly: You can only read your own cookies with
JavaScript, and you know that password already. Because when others open a PMA page
without a login, they only access their empty cookie, right?
What I don't understand why didn't first contact developers as is usual in security problems...
I generally dislike the style of the author's 'report'. :)
btw: I just looked for something on the net (only .cz, searched by jyxo.cz) and I found several publicly accessible installations with config stored passwords :-))
Yes, funny thing to do *g*
Regards,
Garvin.
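
Added example (not part of this mail and not phpMyAdmin code): one way to keep a user-supplied docpath inside a dedicated docSQL directory, using a canonical-path containment check instead of the dot-collapsing filter quoted above. The function name resolve_doc_path and the temporary directory layout are constructed for the demonstration.

```php
<?php
// Added example, not phpMyAdmin code. Names and directory layout are hypothetical.

/**
 * Resolve a user-supplied sub-path below $baseDir.
 * Returns the canonical path, or null when the target does not exist
 * or resolves outside $baseDir (through "..", symlinks, and so on).
 */
function resolve_doc_path(string $baseDir, string $userPath): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($candidate === false) {
        return null;
    }
    // Accept the base itself or anything strictly below it. The trailing
    // separator stops "/docSQL-old" from matching the prefix "/docSQL".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($candidate === $base || strncmp($candidate, $prefix, strlen($prefix)) === 0) {
        return $candidate;
    }
    return null;
}

// Constructed layout: <tmp>/pma_x/docSQL/upload, with a config file in the
// application root that must not be reachable through docpath.
$root = sys_get_temp_dir() . '/pma_' . uniqid();
mkdir($root . '/docSQL/upload', 0700, true);
file_put_contents($root . '/config.inc.php', '<?php // constructed placeholder');

$base = $root . '/docSQL';
foreach (['upload', '', '..', '../config.inc.php', 'upload/../..'] as $input) {
    $resolved = resolve_doc_path($base, $input);
    printf("%-22s => %s\n", var_export($input, true), $resolved === null ? 'rejected' : 'allowed');
}

// Remove the constructed files again.
unlink($root . '/config.inc.php');
rmdir($root . '/docSQL/upload');
rmdir($root . '/docSQL');
rmdir($root);
```

With this layout the first two inputs are allowed and the last three are rejected, because they resolve to the application root or to the config file in it.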