Potential Security Vulnerability?

Discussion in 'General' started by GoremanX, Mar 3, 2011.

  1. GoremanX

    GoremanX New Member

    How are people able to reach this directory?
    [Wed Mar 02 12:59:09 2011] [error] [client] File does not exist: /usr/share/phpmyadmin/scripts

    This is from a vhost's error log, it shows up fairly frequently. This directory is way outside of the vhost's path (/var/www/clients/client1/web1/web). I can't even figure out how I could point a web browser to that directory.

    Running ISPConfig using the Ubuntu 10.04 Perfect Server setup
  2. Dark_Balor

    Dark_Balor New Member

    It's not a security hole

    just look at your php-cgi wrapper the open-base-dir:
    (took from your other topic)

    Without allowing to acces /usr/share/phpmyadmin, www.friendlyphotozone.com/phpmyadmin/ will not work correctly.

    If you ask why www.friendlyphotozone.com/phpmyadmin/ work by default, just look at the file :
    If you want to change the alias
    Alias /phpmyadmin /usr/share/phpmyadmin
    Alias /what-ever-you-want /usr/share/phpmyadmin
    and do
    /etc/init.d/apache2 reload
    of course to do that you must be root or have root privilege.
  3. GoremanX

    GoremanX New Member

    Thank you! I didn't realize that each vhost had a separate phpmyadmin alias. That explains a lot.

Share This Page