PhpMyExplorer Directory traversal

By
Nash N Sulthan
Published on
24 Jun 2018
1 min read

PhpMyExplorer is a PHP application that lets a user update a website online without needing FTP access. Many servers running it have a vulnerability in which the host application allows an attacker to view and read files that reside outside the intended base directory. An attacker who notices PhpMyExplorer on a web application can modify the site's contents or even erase the site entirely. The vulnerability is exploited through a directory traversal attack: an attack in which the attacker accesses and modifies files outside the web root folder on the host server over HTTP. The best fix is to enforce file access restrictions on the web server.

Example

The following URL is an example of this vulnerability:

https://www.example.beaglesecurity.com/index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2Fetc

With this vulnerability, any user can browse the /etc/ directory and view any file on the web server for which the application has read access. %2F is the URL-encoded value of the forward slash (/).

Impact

An attacker can easily exploit this vulnerability to gain unauthorised access to the application or to the underlying database. The attacker can also reach all files and folders outside the web root and read restricted, sensitive information to compromise the application, or impersonate a user to steal information from it. This type of attack leaves no trail behind, so detecting this vulnerability is hard.

Mitigation / Precaution

Beagle recommends the following fixes:

  • Enforce file access restrictions on your web server.
  • Apply all the latest update patches.
  • Install the latest version of your web server software.
  • Filter metacharacters from user input.
  • Restrict access to the .htaccess file in the application's directory.
  • Place the .htaccess file in the same directory as the password file to limit access.
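The following Python script is an added example, not PhpMyExplorer's code or Beagle's. It ties the URL from the Example section to the mitigation list: decode_chemin shows what the server actually sees once %2F is decoded, resolve_under_root is the web-root boundary check a file browser should apply before touching the filesystem (the "file access limitation" above), and flag_traversal runs that same check over access-log lines so the attempt is detectable even though the request itself otherwise looks ordinary. WEB_ROOT, the parameter name chemin (taken from the example URL), and the log lines are assumptions or constructed samples.

```python
import re
import posixpath
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Assumption: the directory the application is meant to serve from. Any path
# the `chemin` parameter resolves to must stay inside it.
WEB_ROOT = "/var/www/html"


def decode_chemin(url: str) -> str:
    """Return the percent-decoded value of the `chemin` query parameter.

    parse_qs already decodes escapes, so `..%2F..%2Fetc` comes back as
    `../../etc`: the server sees the traversal sequence whether or not the
    client encoded the slashes.
    """
    values = parse_qs(urlsplit(url).query).get("chemin")
    return values[0] if values else ""


def resolve_under_root(root: str, requested: str) -> Optional[str]:
    """Resolve `requested` beneath `root` and return the normalized absolute
    path, or None when the result would escape `root`.

    The check is lexical (posixpath.normpath collapses `.` and `..`) so it runs
    offline; a production version should also pass the result through
    os.path.realpath so a symlink inside the root cannot point outside it.
    """
    root = posixpath.normpath(root)
    # posixpath.join discards `root` when `requested` is absolute, which is
    # exactly the case the prefix test below rejects.
    candidate = posixpath.normpath(posixpath.join(root, requested))
    if candidate == root or candidate.startswith(root.rstrip("/") + "/"):
        return candidate
    return None


# Constructed access-log lines (Apache combined style), not real traffic.
LOG_LINES = [
    '203.0.113.5 - - [24/Jun/2018:10:00:01 +0000] '
    '"GET /index.php?chemin=docs HTTP/1.1" 200 512',
    '203.0.113.5 - - [24/Jun/2018:10:00:02 +0000] '
    '"GET /index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2Fetc HTTP/1.1" 200 4096',
    '198.51.100.7 - - [24/Jun/2018:10:00:03 +0000] '
    '"GET /index.php?chemin=%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1024',
]

_REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def flag_traversal(lines: List[str], root: str = WEB_ROOT) -> List[Tuple[str, str]]:
    """Return (request_target, decoded_chemin) for every log line whose
    `chemin` parameter would resolve outside `root`.

    Decoding before the check is what catches the `..%2F` and `%2e%2e` forms
    that a plain substring search for `../` would miss.
    """
    hits = []
    for line in lines:
        match = _REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group(1)
        chemin = decode_chemin(target)
        if chemin and resolve_under_root(root, chemin) is None:
            hits.append((target, chemin))
    return hits


if __name__ == "__main__":
    for target, chemin in flag_traversal(LOG_LINES):
        print(f"traversal attempt: {target} -> chemin={chemin!r}")
```

The same resolve_under_root check serves both sides: applied inside the application before any directory listing or file read it is the fix, and applied to logged requests it is the detection. Because the boundary test is done on the resolved path rather than by stripping `..` from the input, encoding tricks that survive a naive filter still end up compared against the root.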

Written by
Nash N Sulthan
Cyber Security Lead Engineer