|
 |
|
ADOdb Insecure Test Scripts Security Issues
|
|
|
|
|
Secunia Advisory:
|
SA17418
|
|
|
Release Date:
|
2006-01-09
|
|
Last Update:
|
2006-04-10
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Security Bypass
Exposure of system information
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | ADOdb 4.x
|
| | CVE reference: | CVE-2006-0146 (Secunia mirror)
CVE-2006-0147 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Secunia Research has discovered two security issues in ADOdb, which can be exploited by malicious people to disclose system information, execute arbitrary SQL code, and potentially compromise a vulnerable system.
1) The problem is caused due to the presence of the insecure "server.php" test script. This can be exploited to execute arbitrary SQL code with full MySQL database privileges via the "sql" parameter.
Example:
http://[victim]/server.php?sql=SELECT '[content]' INTO OUTFILE '[file]'
This can further be exploited to create an arbitrary PHP script in a directory inside the web root writable by the MySQL user.
Successful exploitation requires that the MySQL password for the root user is empty and that the affected script is placed accessible inside the web root.
2) The problem is caused due to the presence of the insecure "tests/tmssql.php" test script. This can be exploited to call an arbitrary PHP function via the "do" parameter.
Example:
http://[victim]/tests/tmssql.php?do=phpinfo
Successful exploitation requires that the affected script is placed accessible inside the web root.
The security issues have been confirmed in versions 4.66 and 4.68 for PHP. Other versions may also be affected.
Solution:
Update to version 4.70 for PHP.
http://sourceforge.net/project/showfiles.php?group_id=42718
Provided and/or discovered by:
Andreas Sandblad, Secunia Research
Changelog:
2006-04-10: Added CVE references.
Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2005-64/advisory/
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
2 Related Secunia Security Advisories
|
|
|
1. ADOdb Cross-Site Scripting Vulnerabilities
|
|
2. ADOdb PostgreSQL SQL Injection Vulnerability
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
