by r0t,der4444,cembo,VietMafia

Thursday, April 20, 2006

phpMyAdmin XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 20 april 2006
vendorlink:http://www.phpmyadmin.net/
affected versions:
phpMyAdmin 2.8.0.3
phpMyAdmin 2.8.0.2
phpMyAdmin 2.8.1-dev (CVS version)
phpMyAdmin 2.9.0-dev (CVS version)
and prior versions also can be affected
###############################################


Vuln. Description:

phpMyAdmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to "lang" paremeter in "index.php" isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.


example:

http://[victim]/phpMyAdmin/index.php?lang=[XSS]

note:
attacker dont must be logged in vuln. system to exploit this vuln.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

2 Comments:

Anonymous Michal Čihař told...

How about contacting vendor before you publish this? You would get publicity in vendor announcement and issue would be fixed without making disclossure available to everyone.

11:35 AM

 
Blogger r0t told...

Michal,you have right i missed a letter to you like in all times.
But may ask?
Do you ask same question to p0w3r?
http://secunia.com/advisories/19659/
My report it was just update to p0w3r advisory in secunia.
and those both bugs last are harmfull...

2:20 AM

 

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew