BID:17973

phpMyAdmin Index.PHP Multiple Cross-Site Scripting Vulnerabilities

CVE-2006-2417 | CVE-2006-2418 |

Info

phpMyAdmin Index.PHP Multiple Cross-Site Scripting Vulnerabilities

Bugtraq ID:	17973
Class:	Input Validation Error
CVE:	CVE-2006-2417 CVE-2006-2418
Remote:	Yes
Local:	No
Published:	May 15 2006 12:00AM
Updated:	Jan 12 2007 10:30PM
Credit:	Sven Vetsch/Disenchant is credited with the discovery of these vulnerabilities.
Vulnerable:	SuSE SUSE Linux Enterprise Server 8 + Linux kernel 2.4.21 + Linux kernel 2.4.19 SuSE SUSE Linux Enterprise Server 7 + Linux kernel 2.4.19 SuSE Linux Openexchange Server SuSE Linux Enterprise Server 9 SuSE Linux Desktop 1.0 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. SuSE Linux Open-Xchange 4.1 S.u.S.E. SUSE CORE 9 for x86 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Open-Enterprise-Server 1 S.u.S.E. Office Server S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Novell Linux Desktop 1.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Professional 9.0 x86_64 S.u.S.E. Linux Professional 9.0 S.u.S.E. Linux Professional 8.2 S.u.S.E. Linux Professional 8.2 S.u.S.E. Linux Professional 7.3 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Office Server S.u.S.E. Linux Enterprise Server for S/390 9.0 S.u.S.E. Linux Enterprise Server for S/390 S.u.S.E. Linux Database Server 0 S.u.S.E. Linux Connectivity Server phpMyAdmin phpMyAdmin 2.8 .3 phpMyAdmin phpMyAdmin 2.8 .1 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1

Not Vulnerable:	phpMyAdmin phpMyAdmin 2.8 .4

Discussion

phpMyAdmin Index.PHP Multiple Cross-Site Scripting Vulnerabilities

phpMyAdmin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to 2.8.0.4 are vulnerable; other versions may also be affected.

Exploit / POC

phpMyAdmin Index.PHP Multiple Cross-Site Scripting Vulnerabilities

These issues can be exploited through a web client.

Solution / Fix

phpMyAdmin Index.PHP Multiple Cross-Site Scripting Vulnerabilities

Solution:
The vendor has released version 2.8.0.4 to address these issues; please see the reference section for details.

phpMyAdmin phpMyAdmin 2.8 .1

phpMyAdmin phpMyAdmin-2.8.0.4.tar.gz
http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.8.0.4.tar.g z

phpMyAdmin phpMyAdmin 2.8 .3

phpMyAdmin phpMyAdmin-2.8.0.4.tar.gz
http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.8.0.4.tar.g z

References

phpMyAdmin Index.PHP Multiple Cross-Site Scripting Vulnerabilities

References:

Main Vendor Homepage (OWASP)