High Security Risk in Ver. phpwcms 1.1-RC2_2004-01-10a

Florian · Post by **Florian** » Sat 10. Jan 2004, 17:32

Security Bug Report

Risk: VERY HIGH
Report Date: 10-01-2004 17:19 CET
Expected Version: phpwcms 1.1-RC2_2004-01-10a AND up
Affected spot: phpMyAdmin
Location of the spot: ./include/inc_ext/phpMyAdmin/<all data within>
Status: pending

Summary:
The phpmyadmin directory is NOT secured by the 'checklogin.inc.php' which is included by the phpwcms.php which controlls the adminrights within the admin menue. Anyone on the web who knows about the struckture behind phpwcms can access the directory by typing in his browser the URL http://yoururl.tld/include/inc_ext/phpMyAdmin/. He will easyly access the mySQL Database which stores ALL DATA for phpwcms and is allowed to change and/or delete content.

Workaround:
Install the Patch: http://osdn.dl.sourceforge.net/sourcefo ... 01-10b.zip

Recommendation:
Install the security bugfix.

Post by **Oliver Georgi** » Sat 10. Jan 2004, 17:43

Fuck - you are right. I forgot. I do it right now.

Oliver

frold · Post by **frold** » Sat 10. Jan 2004, 17:49

Post by **Oliver Georgi** » Sat 10. Jan 2004, 17:53

Is solved. (I hope)

Sorry!

regards
Oliver

frold · Post by **frold** » Sat 10. Jan 2004, 17:54

Oliver Georgi wrote:Is solved. (I hope)

Sorry!

regards
Oliver

well therefor it is nice with a big forum

Florian · Post by **Florian** » Sat 10. Jan 2004, 17:59

Mybe we should set up a "Bugbuster" like written above by me for further Bug, which "maybe" appers (of corse I don't hope

). So we can do a quick bugfix and everybody knows what to do.

Cheers,
Florian

frold · Post by **frold** » Sat 10. Jan 2004, 18:03

Florian wrote:Mybe we should set up a "Bugbuster" like written above by me for further Bug, which "maybe" appers (of corse I don't hope ). So we can do a quick bugfix and everybody knows what to do.

Cheers,
Florian

yeah and maybe a mailing list?

so you automatic rezeive bug repports ? right now you only rezeive a email if you have created or replyed to the topic....!!

Eg, you could install this mod - it let you receive mails when there are new posts in a given forum....it is still a alpha mod but.....

http://www.netclectic.com/forums/viewtopic.php?t=4402

cet · Post by **cet** » Sun 11. Jan 2004, 11:55

The Fix does not solve the prob on my server. (Yes, I have cleared my cache and killed the cockies).

Any idea?

Post by **Oliver Georgi** » Sun 11. Jan 2004, 12:03

Cet, what do you think is not solved?

Try this:

1) Close all browser windows - maybe logoff backend
2) Then try to open again: http://www.myphpwcms.com/include/inc_ext/phpMyAdmin

What happens?

Oliver

cet · Post by **cet** » Sun 11. Jan 2004, 12:26

Hi Oliver,

I am in the phpMyAdmin-Section.

Is it right to fill in the DB values in "setup/setup.conf.inc.php" and in "include/inc_conf/conf.inc.php" ?

vvo · Post by **vvo** » Sun 11. Jan 2004, 12:45

I can confirm that the security risk still exists.
I'm running phpWCMS on a Cobalt RAQ4 and although I closed all my browser windows, cleared the cookies and the cache ...I still can access phpmyadmin ...and not being logged in the backend of phpwcms.

Johan.

Post by **Oliver Georgi** » Sun 11. Jan 2004, 13:10

OK - I will extend the patch again by also checking against db.

Oliver

Post by **Oliver Georgi** » Sun 11. Jan 2004, 13:49

Can somebody with still existing security problems test the following new patch file
http://www.phpwcms.de/docu/config.inc.developer.zip

extract and put it into:
include/inc_ext/phpMyAdmin

It uses same authentication check as phpwcms itself.

Regards
Oliver

vvo · Post by **vvo** » Sun 11. Jan 2004, 13:54

Oliver,
I think it is working now ....I did two tests.

1) on a new pc (kids pc ..never used phpwcms on that system before).
a direct link to phpmyadmin redirects to the root of the domain ...

2) another pc. Logged into backend and started phpmyadmin. Then logged out and made a direct link to phpmyadmin. Again I was redirected to the root of the domain.

Johan.

cet · Post by **cet** » Sun 11. Jan 2004, 19:58

It also works for me. Danke für den schnellen Fix.