PHPMyAdmin 2.x Information Disclosure Vulnerability

2003-06-18T00:00:00
ID EDB-ID:22798
Type exploitdb
Reporter Lorenzo Manuel Hernandez Garcia-Hierro
Modified 2003-06-18T00:00:00

Description

PHPMyAdmin 2.x Information Disclosure Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/7963/info

A vulnerability has been reported for phpMyAdmin that may reveal the contents of directories to remote attackers. The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, dot-dot-slash '../' directory traversal sequences are not sufficiently sanitized from URI parameters. 

http://localhost/mysql/db_details_importdocsql.php?submit_show=true&do=import&docpath=[../../../]