Tuesday 30 June 2009

phpMyAdmin XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 30 June 2009
Vendor link: http://www.phpmyadmin.net/
Affected versions:
phpMyAdmin 3.2.0.1
phpMyAdmin 3.2.1-dev
phpMyAdmin 3.3.0-dev
phpMyAdmin 2.11.10-dev
phpMyAdmin 3.2.0-rc1
Other versions may also be affected.
###############################################


Vuln. Description:

phpMyAdmin contains a flaw that allows a remote cross-site scripting attack. The flaw exists because input passed to the "db" parameter in "index.php" isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.


live PoC:
http://demo.phpmyadmin.net/MAINT_3_2_0/index.php?db=%22%3E%27%3E%3Cscript%3Ealert%28%2Fr0t%2F%29%3C%2Fscript%3E&token=f70d8ec4305c5a877f56c14554aced10



###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
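
The fix described above, as an added example that is not phpMyAdmin's code and not part of the original advisory: the "db" value is encoded for its output context at the point where it is echoed back. The hidden-field and link markup and the function names are assumptions, since the advisory does not say where in the page the value is reflected.

```php
<?php
// Added example: hypothetical page fragments, not phpMyAdmin source.

// Vulnerable pattern: the request value is concatenated into HTML unchanged,
// so a quote followed by '>' closes the attribute and the tag.
function render_db_field_unsafe(string $db): string
{
    return '<input type="hidden" name="db" value="' . $db . '" />';
}

// Encode for HTML text/attribute context at output time.
// ENT_QUOTES encodes both " and '. The advisory's PoC value carries both
// quote styles, and before PHP 8.1 the default flag (ENT_COMPAT) left
// single quotes untouched, so the flag is passed explicitly.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern for an attribute value.
function render_db_field_safe(string $db): string
{
    return '<input type="hidden" name="db" value="' . h($db) . '" />';
}

// Hardened pattern for a link: percent-encode the value into the query
// string first, then HTML-encode the finished URL for the href attribute.
function render_db_link_safe(string $db): string
{
    $href = 'index.php?' . http_build_query(['db' => $db]);
    return '<a href="' . h($href) . '">' . h($db) . '</a>';
}

// The db value from the advisory's PoC URL, URL-decoded as PHP would
// deliver it in $_GET['db'].
$db = urldecode('%22%3E%27%3E%3Cscript%3Ealert%28%2Fr0t%2F%29%3C%2Fscript%3E');

echo render_db_field_unsafe($db), "\n"; // markup is broken out of
echo render_db_field_safe($db), "\n";   // value stays inside the attribute
echo render_db_link_safe($db), "\n";    // value stays inside href and link text
```

Encoding belongs at each output site rather than once on input, because the correct encoding differs between an attribute, a URL and a script block.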



Ps.
By changing XSS test requests for popular products like phpMyAdmin, vulns like XSS will never end. To prove my words, just use the XSS PoC request from the live example with other parameters.
