Status: Closed
Assigned To: cbay - Private
Attached to Project: Security vulnerabilities
Opened by 0xmagdy - 27.03.2024
Last edited by cbay - 03.04.2024
FS#43 - Information Disclosure PHPpgAdmin
Vulnerability Detail
The PHPpgAdmin setup page is accessible over the internet, and on it it is possible for the user to set up the servers with the required details.
Vulnerable Endpoints
https://phppgadmin.alwaysdata.com/phppgadmin/redirect.php?subject=root You can add a server via this endpoint
https://phppgadmin.alwaysdata.com/phppgadmin/redirect.php?subject=server&server=&
Impact
It's possible for an attacker to configure the servers without the knowledge of the application administrator.
Hello,
Can you provide us with a PoC showing us how you would do it?
I added the PoC video here: https://drive.google.com/file/d/1coC3CBj2pGSqv33pLqMQy_Du0uYBsUXL/view?usp=sharing
That link returns "Access Denied", please provide a public link.
https://drive.google.com/file/d/1coC3CBj2pGSqv33pLqMQy_Du0uYBsUXL/view?usp=sharing
That's not a setup page, and you can only "add" servers to your own session. I'm pretty sure that's standard phpPgAdmin behaviour, and it doesn't cause any security issue as far as I know.