Mambo Site Server phpMyAdmin.php Database Access

2002-12-12T00:00:00
ID OSVDB:7514
Type osvdb
Reporter euronymous(just-a-user@yandex.ru)
Modified 2002-12-12T00:00:00

Description

Vulnerability Description

Mambo Site Server contains a flaw that may allow a remote attacker to gain unauthorized access to the backend database. The issue is triggered when phpMyAdmin is installed and specific changes are not made to the 'configuration.php' script, which could allow a remote attacker to launch further attacks against the server resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/mambo/administrator/phpMyAdmin.php

References:

Vendor URL: http://www.miro.com.au/
Related OSVDB ID: 7511
Related OSVDB ID: 7512
Related OSVDB ID: 7515
Related OSVDB ID: 7513
Related OSVDB ID: 7509
Related OSVDB ID: 7510
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html
ISS X-Force ID: 10858