> This bug exists in css/phpmyadmin.css.php. You can
> include files. Error exists in
>
> Code:
> - ------
> $tmp_file = $GLOBALS['cfg']['ThemePath'] . '/' .
> $theme . '/css/theme_right.css.php';
> if (@file_exists($tmp_file)) {
> include($tmp_file);
> } // end of include theme_right.css.php
> - ------
>
> And now you can get files.

Incorrect. This is NOT a 'remote' file inclusion (due to the file_exists call), unless of course the affected user is running >= PHP5.0. It is usually good practice to state this in an advisory. Please see Appendix L at http://www.php.net/manual/en/wrappers.php

> 1.1
> Or next include is in libraries/database_interface.lib.php
>
> Code:
>
> - ---
> require_once('./libraries/dbi/' . $cfg['Server']['extension'] .
> '.dbi.lib.php');
> - ---

Also incorrect. The call to require_once passes the absolute path './libraries/dbi/' before the variable is involved. This is a LOCAL file inclusion vulnerability.

> - --- 5.Contact ---
> Author: Maksymilian Arciemowicz
> Location: Poland(Jelenia Gora), Luxembourg(Bereldange)
> Email: max [at] jestsuper [dot] pl
> GPG-KEY: http://security.jestsuper.pl
> http://securityreason.com/ Team

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nullum magnum ingenium sine mixtura dementiae fuit
[There is no great genius without some touch of madness]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Calum Power
- Cultural Jammer
- Security Enthusiast
- Hopeless Cynic
enune@xxxxxxxxxxx
http://www.fribble.net
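
A hardened form of the theme include quoted in this thread, as an added example that is not part of the original messages and is not phpMyAdmin's code. The helper name resolve_theme_css() and the sample inputs are hypothetical; it assumes PHP 7.1 or later.

```php
<?php
// Added example, not phpMyAdmin code; resolve_theme_css() is a hypothetical helper.

// Returns the canonical path of <themePath>/<theme>/css/theme_right.css.php,
// or null when $theme is not a plain directory name under $themePath.
function resolve_theme_css(string $themePath, string $theme): ?string
{
    // 1. Syntactic allowlist: no slash, dot, colon or NUL byte, so neither
    //    a "../" traversal nor a "scheme://" stream wrapper can be expressed.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $theme)) {
        return null;
    }
    // 2. Canonicalise both paths. realpath() resolves symlinks and returns
    //    false when the target does not exist.
    $base = realpath($themePath);
    $file = realpath($themePath . '/' . $theme . '/css/theme_right.css.php');
    if ($base === false || $file === false) {
        return null;
    }
    // 3. Containment: the resolved file must still sit under the theme root.
    if (strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $file; // the caller would include() this path, never raw input
}

// Constructed demo: a throwaway theme tree and constructed theme names.
$root = sys_get_temp_dir() . '/themes_' . bin2hex(random_bytes(4));
mkdir($root . '/original/css', 0700, true);
file_put_contents($root . '/original/css/theme_right.css.php', "/* css */\n");

$samples = ['original', 'missing', '../outside', 'http://example.invalid/x', "original\0"];
foreach ($samples as $theme) {
    $path = resolve_theme_css($root, $theme);
    printf("%-30s => %s\n", json_encode($theme), $path === null ? 'rejected' : 'accepted');
}

// Remove the constructed tree.
unlink($root . '/original/css/theme_right.css.php');
rmdir($root . '/original/css');
rmdir($root . '/original');
rmdir($root);
```

The same three checks apply to the $cfg['Server']['extension'] value in the second quoted include: restrict it to a known set of names before it is concatenated into the path.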