Posts Tagged path disclosure
phpMyAdmin 3.4.5 – Full path disclosure in phpmyadmin.css.php
Posted by Mihai in Vulnerabilities on October 17, 2011
phpMyAdmin 3.4.5 suffers from insufficient input validation of the js_frame parameter in phpmyadmin.css.php, exposing information (the script's full filesystem path) that could be used in further attacks.
CVE Entry: CVE-2011-3646
CWE: CWE-20, CWE-200
PMASA ENTRY: PMASA-2011-15
Description
The script returns a PHP error message containing the full path of the script when the js_frame parameter is supplied as an array instead of a string.
Exploit
No authentication is needed to exploit this vulnerability.
http://example.com/path_to_phpmyadmin/phpmyadmin.css.php?js_frame[]=right
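As an added illustration (not phpMyAdmin's own code, and not the official patch), the following PHP shows the bug class behind this advisory: a GET parameter that is assumed to be a string but arrives as an array, and the type check plus allow-list that prevents the error from being reachable. The function names, the default value and the path in the comment are assumptions for illustration only.

```php
<?php
// Added example (not phpMyAdmin's code): how an array-valued GET parameter
// turns into a PHP error that leaks the script's absolute path, and the
// type check that prevents it. Function names, the default value and the
// example path are assumptions for illustration.

// Vulnerable pattern: the value is assumed to be a string.
// Requesting ?js_frame[]=right makes $_GET['js_frame'] an array, and the
// string function then raises a PHP warning (PHP 5/7) or a TypeError (PHP 8)
// whose message names the file, e.g.
//   "strpos() expects parameter 1 to be string, array given in
//    /var/www/html/phpmyadmin/phpmyadmin.css.php on line 17"   (assumed path)
// With display_errors=On that message, path included, is sent to the client.
function vulnerable_frame(): string
{
    $js_frame = $_GET['js_frame'] ?? '';
    return (strpos($js_frame, 'right') !== false) ? 'right' : 'left';
}

// Hardened pattern: check the type before any string operation and accept
// only values from a fixed allow-list. User-controlled data never reaches a
// string function, so no error (and no path) can be triggered this way.
function safe_frame(): string
{
    $allowed = ['left', 'right'];
    $raw = $_GET['js_frame'] ?? null;
    if (!is_string($raw) || !in_array($raw, $allowed, true)) {
        return 'left'; // assumed default frame
    }
    return $raw;
}

// Stand-alone check from the CLI: simulate the malicious request.
$_GET['js_frame'] = ['right'];   // what ?js_frame[]=right produces server-side
var_dump(safe_frame());          // falls back to the default without touching the array

// vulnerable_frame() with the same $_GET would emit the path-bearing warning
// whenever display_errors is on. In production also set display_errors=Off
// and log_errors=On in php.ini as defense in depth, but the type check is the
// actual fix: error-display settings are not a substitute for validation.
```

Run it with `php` from the command line; because `$_GET` is populated by hand, no web server is required. The same `is_string()` check applies to any parameter that is later passed to a string function, since PHP's query-string parser turns `name[]=value` into an array for any name, not only js_frame.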
Official fix
Credits
Discovered by Mihail Ursu (securitate.md) on 12 Sep 2011.
Disclosure Timeline
Reported to vendor on 12 Sep 2011.
Confirmation from vendor 21 Sep 2011.
Patch confirmation 4 Oct 2011.
Official fix and public disclosure 17 Oct 2011.
Facebook mobile full path disclosure
Posted by Mihai in Curiosities on May 4, 2010
Last night I accessed facebook.com from my phone (Nokia N78); after about 10 minutes of browsing I noticed the following error:
http://m.facebook.com/story.php?id=652338323&story
the error displayed was:
The File /var/www/lib/third-party/mobile-wurfl/wurfl-php-1.r2/WURFL/memcache does not exist!!!
This error is curious to say the least, because it exposes information through an error message and reveals the full path (full path disclosure).
