Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[ISecAuditors Security Advisories] IMAP/SMTP Injection in Hastymail

new xss in modbb forum

XSS in JAB Guest Book

Multiple bugs in TFT-Gallery

From:	ajannhwt_(at)_hotmail.com <ajannhwt_(at)_hotmail.com>
Date:	05.12.2006
Subject:	PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting

*********************************************************************************
****
# Title   :  PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting Vulnerability
# Author  :   ajann
# Contact :   :(
# Tested  :  Just 2.7.0-pl2

*********************************************************************************
****


[[CRLF]]]------------------------------------------------------

Files----

/css/phpmyadmin.css.php
/db_create.php
/index.php
/left.php
/libraries/session.inc.php
/libraries/transformations/overview.php
/querywindow.php
/server_engines.php
/...
/..

/Files----

Cookie:

->Open Cookie Editor
->Find the phpMyAdmin value
->Write it ;

phpMyAdmin=%0d%0aSet-Cookie%3Asome%3Dvalue

New Cookie => some=value

.....
..

[[/CRLF]]]

[[PATH]]]------------------------------------------------------

File----

//libraries/common.lib.php

/File----

[[/PATH]]]

""""""""""""""
"""""""
# ajann,Turkey
# ...

# Im not Hacker!