phpPgAdmin index.php formLanguage Variable Local File Inclusion

2005-07-04T08:46:20
ID OSVDB:17758
Type osvdb
Reporter OSVDB
Modified 2005-07-04T08:46:20

Description

Vulnerability Description

phpPgAdmin contains a flaw that allows a remote attacker to include files outside of the web path. The index.php script does not properly sanitize user input, specifically directory traversal sequences (../../) supplied via the formLanguage variable.

Solution Description

Upgrade to version 3.5.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

By posting a malformed formLanguage value to index.php, it is possible to include a local file. Example:

formUsername=username&formPassword=password&formServer=0&formLanguage=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd%00&submitLogin=Login
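For reviewing captured login POST bodies for this pattern, the following check is an added example and is not phpPgAdmin or OSVDB code. It decodes a urlencoded body and reports why a formLanguage value is suspicious. The allowed character set for language names and the sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Assumption: a legitimate language selector is a short plain name such as
# "english" or "pt-br"; anything else is treated as suspicious.
SAFE_LANGUAGE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def check_form_language(body, field="formLanguage"):
    """Return the reasons a urlencoded POST body looks like an inclusion attempt."""
    reasons = []
    # parse_qsl percent-decodes each value once, so %2e%2e%2f becomes "../"
    # and %00 becomes a literal NUL character.
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name != field:
            continue
        if "\x00" in value:
            reasons.append("null byte")
        if ".." in value.replace("\\", "/").split("/"):
            reasons.append("parent-directory segment")
        if "/" in value or "\\" in value:
            reasons.append("path separator")
        # The allow-list catches what the pattern checks miss, for example a
        # double-encoded value that still contains "%" after one decode.
        if not reasons and not SAFE_LANGUAGE.fullmatch(value):
            reasons.append("not a plain language name")
    return reasons


# Constructed sample bodies (not captured traffic).
SAMPLES = [
    "formUsername=alice&formPassword=x&formServer=0&formLanguage=english&submitLogin=Login",
    "formUsername=a&formPassword=x&formServer=0&formLanguage=%2e%2e%2f%2e%2e%2fplaceholder%00&submitLogin=Login",
    "formUsername=a&formPassword=x&formServer=0&formLanguage=%252e%252e%252fplaceholder&submitLogin=Login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_form_language(sample) or "ok", "<-", sample)
```

The same allow-list test is the server-side mitigation pattern: accept a language value only if it matches a known name, rather than trying to strip traversal sequences from it.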

References:

Vendor URL: http://phppgadmin.sourceforge.net/
Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=342261
Vendor Specific Advisory URL
Security Tracker: 1014414
Secunia Advisory ID: 15941
Mail List Post: http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html
CVE-2005-2256
Bugtraq ID: 14142