HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (
-   General (
-   -   Potential Security Vulnerability? (

GoremanX 3rd March 2011 07:51

Potential Security Vulnerability?
How are people able to reach this directory?
[Wed Mar 02 12:59:09 2011] [error] [client] File does not exist: /usr/share/phpmyadmin/scripts

This is from a vhost's error log, it shows up fairly frequently. This directory is way outside of the vhost's path (/var/www/clients/client1/web1/web). I can't even figure out how I could point a web browser to that directory.

Running ISPConfig using the Ubuntu 10.04 Perfect Server setup

Dark_Balor 3rd March 2011 11:06

It's not a security hole

just look at your php-cgi wrapper the open-base-dir:

(took from your other topic)

Without allowing to acces /usr/share/phpmyadmin, will not work correctly.

If you ask why work by default, just look at the file :

If you want to change the alias

Alias /phpmyadmin /usr/share/phpmyadmin

Alias /what-ever-you-want /usr/share/phpmyadmin
and do

/etc/init.d/apache2 reload
of course to do that you must be root or have root privilege.

GoremanX 3rd March 2011 11:16


Originally Posted by Dark_Balor (Post 252556)
It's not a security hole

Thank you! I didn't realize that each vhost had a separate phpmyadmin alias. That explains a lot.

All times are GMT +2. The time now is 14:15.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.