VID 22117
Severity 40
Port 80, ...
Protocol TCP
Class WWW
Detailed Description phpMyExplorer is vulnerable to a directory traversal attack that allows remote users to make the web server read and display arbitrary directories.
PhpMyExplorer, available from http://elegac.free.fr/, is a popular (and very good looking) PHP based file manager that lets you update your site online without any FTP access. A security vulnerability in phpMyExplorer 1.2.1 and prior allows an attacker to view and read files that reside outside the directory the application is meant to expose. The attacker can browse the entire drive and read sensitive files such as /etc/passwd.

Using a URL such as:
/index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2Fetc
Any user can browse the /etc/ directory and view any file in it that the web server process has read access to.
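As an added illustration that is not part of this advisory or of phpMyExplorer's own code, the following Python shows how a file manager could confine the chemin parameter to its base directory (decoding the URL encoding, collapsing "..", and checking the result is a descendant of the base) and how the same check flags the traversal request in Apache access-log lines. BASE_DIR and the sample log lines are constructed assumptions.

```python
import posixpath
import re
from typing import List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed directory the file manager is meant to expose (constructed, not from the advisory).
BASE_DIR = "/var/www/site/files"


def resolve_chemin(chemin: str, base_dir: str = BASE_DIR) -> Optional[str]:
    """Return the confined absolute path for 'chemin', or None if it escapes base_dir."""
    # Decode twice so double-encoded traversal (..%252F -> ..%2F -> ../) is seen as well.
    decoded = unquote(unquote(chemin))
    if "\x00" in decoded:  # NUL can truncate paths in C-level filesystem calls
        return None
    # Lexically collapse '.', '..' and repeated slashes; a leading '/' is treated as base-relative.
    candidate = posixpath.normpath(posixpath.join(base_dir, decoded.lstrip("/")))
    base = base_dir.rstrip("/")
    # Accept only base_dir itself or a true descendant (the '/' suffix stops '/files2' matching '/files').
    if candidate == base or candidate.startswith(base + "/"):
        return candidate
    return None


def chemin_from_url(url: str, base_dir: str = BASE_DIR) -> Optional[str]:
    """Apply resolve_chemin to the 'chemin' query parameter of a request URL (parse_qs decodes once)."""
    chemin = parse_qs(urlsplit(url).query).get("chemin", [""])[0]
    return resolve_chemin(chemin, base_dir)


def scan_access_log(lines: List[str], base_dir: str = BASE_DIR) -> List[str]:
    """Return the request paths in Apache access-log lines whose 'chemin' escapes base_dir."""
    request_re = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
    flagged = []
    for line in lines:
        m = request_re.search(line)
        if m and "chemin=" in m.group(1) and chemin_from_url(m.group(1), base_dir) is None:
            flagged.append(m.group(1))
    return flagged


# Constructed sample log lines: one legitimate browse and one traversal attempt.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2001:10:00:00 +0000] "GET /index.php?chemin=images%2F2001 HTTP/1.0" 200 512',
    '203.0.113.9 - - [01/Jan/2001:10:00:07 +0000] "GET /index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2Fetc HTTP/1.0" 200 4096',
]

if __name__ == "__main__":
    for path in scan_access_log(SAMPLE_LOG):
        print("chemin escapes BASE_DIR:", path)
```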

* References:
http://www.securiteam.com/unixfocus/5YP000A5GI.html
http://www.iss.net/security_center/static/7049.php
Recommendation No remedy available as of June 2014.

As a workaround, restrict access to PhpMyExplorer in the Apache web server configuration.
If access to PhpMyExplorer is not restricted, the application becomes a serious security hole: anyone who notices that it is present on your site can modify the contents of the site or even erase it entirely. To avoid this, use the file access restrictions of your web server. The following explains how to set up such a restriction for the Apache web server.

You must create the following three files (in text format):
* .htaccess file in the directory of the application to limit the access to this directory,
* a password file in the secret directory,
* .htaccess file in the same directory as the password file to limit access to this file.

Contents of the .htaccess file in the application directory:
AuthUserFile /secret/password
AuthName "Access restraint"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>

The password file lists the users, one per line, each followed by their password hash in the UNIX crypt format:

login1:password_crypted
login2:password_crypted
login3:password_crypted

Contents of the .htaccess file in the same directory as the password file:
deny from all
Related URL CVE-2001-1168 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)