[Phpmyadmin-devel] Re: MAJOR security hole

"Thomas Bähr [Office]" baehr at glaswald.de
Mon Aug 12 03:17:03 CEST 2002


Hi Robin and the others,


>http://www.google.ca/search?hl=en&ie=UTF-8&oe=UTF-8&q=%22Welcome+to+phpMyAdm
>in+2.3.0%22&meta=
> >
> > With using some of these URL's you can do stuff like:
> > http://www1.tsimtung.com/phpMyAdmin/sql.php?goto=/etc/passwd&btnDrop=No
>
>I've just merged a fix against that, but it needs some testing since I do
>not have a machine here which is affected by this security hole.

 >*G* that has been a very stupid function in the first case .. one should always watch security than coding such stuff
 >I did not check how you fixed that but I guess the easiest way would be to add $cfg[PmaAbsoluteUri] to the $is_gotofile var
 >so the above would result in "http://www1.tsimtung.com/phpMyAdmin/etc/passwd" and therefore fail ;-)

Oops sorry, wrong var *G* it should be the filesystem path to PMA and not 
the URL path to PMA ;-))))

Thomas
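
The filesystem-path idea from the message above, as an added example that is not phpMyAdmin code and not the fix that was merged: prefixing the install directory alone still lets `../` segments climb out, so the sketch canonicalises with `realpath()` and then checks containment, behind an allowlist. The function name `resolve_goto()`, the allowlist contents and the temporary directory are assumptions made for illustration.

```php
<?php
// Added example (hypothetical names), not code from phpMyAdmin.

/**
 * Map a user-supplied "goto" value to a file inside $baseDir.
 * Returns the canonical path, or null if the value must not be included.
 */
function resolve_goto(string $goto, string $baseDir, array $allowed): ?string
{
    // Reject empty values and NUL bytes before touching the filesystem.
    if ($goto === '' || strpos($goto, "\0") !== false) {
        return null;
    }
    // Allowlist: only known entry scripts may be a goto target.
    if (!in_array($goto, $allowed, true)) {
        return null;
    }
    // Canonicalise both sides so "..", "." and symlinks are resolved.
    $base   = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $goto);
    if ($base === false || $target === false) {
        return null; // base or target does not exist
    }
    // Containment: the resolved target must sit below the resolved base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo: a throwaway directory holding one allowed script.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'goto_demo_' . getmypid();
@mkdir($base);
touch($base . DIRECTORY_SEPARATOR . 'sql.php');

$allowed = ['sql.php', 'main.php']; // constructed allowlist
$samples = ['sql.php', '/etc/passwd', '../../../etc/passwd', 'main.php'];
foreach ($samples as $goto) {
    $resolved = resolve_goto($goto, $base, $allowed);
    printf("%-22s => %s\n", $goto, $resolved === null ? 'rejected' : 'accepted');
}

unlink($base . DIRECTORY_SEPARATOR . 'sql.php');
rmdir($base);
```

Only `sql.php` is accepted here; `main.php` is on the allowlist but does not exist in the demo directory, so `realpath()` fails and it is rejected as well.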




