Re: [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion

• Previous message: HaCkZaTaN: "-==phpBB 2.0.12 Full path disclosure==-"
• In reply to: Maksymilian Arciemowicz: "[SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 26 Feb 2005 11:37:14 +1100 (EST)
To: "Maksymilian Arciemowicz" <max@jestsuper.pl>

> This bug exist in css/phpmyadmin.css.php. You can
> include files. Error exist in
>
> Code:
> - ------
> $tmp_file = $GLOBALS['cfg']['ThemePath'] . '/' .
> $theme . '/css/theme_right.css.php';
> if (@file_exists($tmp_file)) {
> include($tmp_file);
> } // end of include theme_right.css.php
> - ------
>
> And now you can get files.
Incorrect. This is NOT a 'remote' file inclusion(due to the file_exists
call), unless of course the affected user is running >= PHP5.0. It is
usually good practice to state this in an advisory. Please see Appendix L
at http://www.php.net/manual/en/wrappers.php

> 1.1
> Or next include is in libraries/database_interface.lib.php
>
> Code:
>
> - ---
> 18# require_once('./libraries/dbi/' . $cfg['Server']['extension'] .
> '.dbi.lib.php');
> - ---
Also incorrect. The call to require_once passes the absolute path
'./libraries/dbi/' before the variable is involved. This is a LOCAL file
inclusion vulnerability.

> - --- 5.Contact ---
> Author: Maksymilian Arciemowicz
> Location: Poland(Jelenia Gora), Luxembourg(Bereldange)
> Email: max [at] jestsuper [dot] pl
> GPG-KEY: http://security.jestsuper.pl
> http://securityreason.com/ Team
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.6 (FreeBSD)
>
> iD8DBQFCHR89znmvyJCR4zQRAtj3AJ4wxM3WEn56GNohsG3f4U8Ku+/I8wCeMWQr
> YklTAm82iDqNu3so1uYsmEk=
> =ko9x
> -----END PGP SIGNATURE-----
>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nullum magnum ingenium sine mixtura dementiae fuit
[There is no great genius without some touch of madness]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Calum Power
- Cultural Jammer
- Security Enthusiast
- Hopeless Cynic
enune@fribble.net
http://www.fribble.net

• Previous message: HaCkZaTaN: "-==phpBB 2.0.12 Full path disclosure==-"
• In reply to: Maksymilian Arciemowicz: "[SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Getting g_wszVBRQuality property ... The error code is just like if the parameter type is ... I don't think you can say it is a bug for g_wszVBRQuality because the call ... not that its type is incorrect. ... You can call MS Customer Support in your country if you think it's a bug. ... (microsoft.public.windowsmedia.sdk) Re: Initialising Variables ... Surely it will lead to incorrect results? ... to compute a new value for it, but you fail to do so (that's the bug. ... subtle failure that's still there in the shipped product). ... It doesn't crash. ... (comp.lang.c) Re: Initialising Variables ... Not all programmes have incorrect results, ... to compute a new value for it, but you fail to do so (that's the bug. ... I tend to initialise variables which have a sensible and ... (comp.lang.c) Re: background color not working as expected ... which is essentially your own mark up with some content added and ... some more bg colours and colors to show your arrangement better. ... that this was bug #46 and bug #66 at this page: ... It is definitely due to incorrect ... (alt.html) Re: Roads must roll was Re: Most Ridiculous SF Predictions ... If it was impossible for a popular program to be incorrect because ... Well, aside from you're not understanding what a bug is, you also have ... what standards document OE supposedly violates. ... (rec.arts.sf.written)