phpMyAdmin sql.php Arbitrary File Access

2001-07-01T18:42:45
ID OSVDB:7727
Type osvdb
Reporter Slash(slash-rt@cfr.st)
Modified 2001-07-01T18:42:45

Description

Vulnerability Description

phpMyAdmin contains a flaw that allows a remote attacker to access arbitrary files. This flaw exists because the application does not validate the 'goto' variable upon submission to the 'sql.php' script. By sending a specially crafted request, a remote attacker could access arbitrary files resulting in a loss of confidentiality.
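The advisory boils down to one missing check: the value of 'goto' reaches a file-system operation without being constrained to the set of scripts sql.php is meant to hand off to. The following PHP is an added illustration written for this page, not phpMyAdmin's own code, and it assumes (as the advisory's "arbitrary file access" and "Directory Traversal" keyword suggest) that the unvalidated value ends up used as a path; the script names in the allowlist are placeholders.

```php
<?php
// Added example (not phpMyAdmin code): constrain a redirect/hand-off
// parameter such as 'goto' to an allowlist before it can touch the
// file system. The unsafe pattern the advisory describes is, roughly,
// using the raw request value as a path (ASSUMED sink, shown only as
// a comment):
//
//     include($_GET['goto']);   // unsafe: /etc/passwd, ../../x, etc.

/**
 * Return a safe hand-off target, or the default when the request value
 * is not exactly one of the permitted script names.
 *
 * Exact, type-strict comparison against a fixed list means there is no
 * need to reason about '..', leading slashes, NUL bytes or URL-encoded
 * variants: anything that is not literally an allowed name is refused.
 */
function safe_goto($requested, array $allowed, $default = 'main.php')
{
    if (!is_string($requested)) {
        return $default;
    }
    return in_array($requested, $allowed, true) ? $requested : $default;
}

// Placeholder allowlist; a real deployment lists its actual scripts.
$allowed_targets = ['main.php', 'db_details.php', 'tbl_properties.php'];

// Constructed sample inputs: one legitimate name and several path-style
// values of the kind the advisory's manual test uses.
$samples = [
    'main.php',
    '/etc/passwd',
    '../../etc/passwd',
    "main.php\0",
    'main.php%00',
];

foreach ($samples as $value) {
    $target = safe_goto($value, $allowed_targets);
    printf("%-24s => %s\n", addcslashes($value, "\0"),
        $target === $value ? 'allowed' : 'rejected, using ' . $target);
}
```

Only the first sample is accepted; every path-like value falls back to the default target. The same allowlist approach is also the first thing to look for when auditing any parameter named like a navigation target (goto, return, next, page) in older PHP applications.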

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

phpMyAdmin contains a flaw that allows a remote attacker to access arbitrary files. This flaw exists because the application does not validate the 'goto' variable upon submission to the 'sql.php' script. By sending a specially crafted request, a remote attacker could access arbitrary files resulting in a loss of confidentiality.

Manual Testing Notes

http://[victim]/phpMyAdmin/sql.php?goto=/etc/passwd&btnDrop=No

References:

Vendor URL: http://sourceforge.net/projects/phpmyadmin/
Security Tracker: 1001895
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-07/0016.html
Keyword: Directory Traversal
ISS X-Force ID: 6483
CVE: CVE-2001-0478
Bugtraq ID: 2642