phpMyAdmin 2.x - 'Export.php' File Disclosure

EDB-ID:

23640




Platform:

PHP

Date:

2004-02-03


source: https://www.securityfocus.com/bid/9564/info

phpMyAdmin is prone to a vulnerability that may permit remote attackers to gain access to files that are readable by the hosting web server. The issue is reported to exist in the 'export.php' script and may be exploited by providing directory traversal sequences as an argument for a specific URI parameter. 

http://www.example.com/[phpMyAdmin_directory]/export.php?what=../../../../../../etc/passwd%00