phpPgAdmin SQLEDIT.PHP Cross Site Scripting Vulnerability

Bugtraq ID:	24115
Class:	Input Validation Error
CVE:	CVE-2007-2865
Remote:	Yes
Local:	No
Published:	May 23 2007 12:00AM
Updated:	Mar 19 2015 08:47AM
Credit:	Michal Majchrowicz is credited with discovering this issue.
Vulnerable:	SuSE Linux 10.2 Red Hat Fedora 7 phpPgAdmin phpPgAdmin 4.1.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0
Not Vulnerable:	phpPgAdmin phpPgAdmin 4.1.2

phpPgAdmin SQLEDIT.PHP Cross Site Scripting Vulnerability

phpPgAdmin is prone to a cross-site scripting vulnerability.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

phpPgAdmin 4.1.1 is reported vulnerable; other versions may also be affected.

phpPgAdmin SQLEDIT.PHP Cross Site Scripting Vulnerability

An attacker must entice an unsuspecting victim into following a malicious URI to exploit this issue.

The following proof-of-concept URI is available:

https://www.example.com/phpPgAdmin/sqledit.php?server=[xss]

phpPgAdmin SQLEDIT.PHP Cross Site Scripting Vulnerability

Solution:
The vendor released an update to address this issue. Please see the references for more information.


Debian Linux 4.0

• Debian phppgadmin_4.0.1-3.1etch1_all.deb
  http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4 .0.1-3.1etch1_all.deb

Debian Linux 4.0 amd64

• Debian phppgadmin_4.0.1-3.1etch1_all.deb
  http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4 .0.1-3.1etch1_all.deb

Debian Linux 4.0 mipsel

• Debian phppgadmin_4.0.1-3.1etch1_all.deb
  http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4 .0.1-3.1etch1_all.deb

Debian Linux 4.0 ia-32

• Debian phppgadmin_4.0.1-3.1etch1_all.deb
  http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4 .0.1-3.1etch1_all.deb

Debian Linux 4.0 arm

• Debian phppgadmin_4.0.1-3.1etch1_all.deb
  http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4 .0.1-3.1etch1_all.deb

Debian Linux 4.0 hppa

• Debian phppgadmin_4.0.1-3.1etch1_all.deb
  http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4 .0.1-3.1etch1_all.deb

Debian Linux 4.0 sparc

• Debian phppgadmin_4.0.1-3.1etch1_all.deb
  http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4 .0.1-3.1etch1_all.deb

Debian Linux 4.0 s/390

• Debian phppgadmin_4.0.1-3.1etch1_all.deb
  http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4 .0.1-3.1etch1_all.deb

Debian Linux 4.0 powerpc

• Debian phppgadmin_4.0.1-3.1etch1_all.deb
  http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4 .0.1-3.1etch1_all.deb

Debian Linux 4.0 alpha

• Debian phppgadmin_4.0.1-3.1etch1_all.deb
  http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4 .0.1-3.1etch1_all.deb

Debian Linux 4.0 ia-64

• Debian phppgadmin_4.0.1-3.1etch1_all.deb
  http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4 .0.1-3.1etch1_all.deb

Debian Linux 4.0 mips

• Debian phppgadmin_4.0.1-3.1etch1_all.deb
  http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4 .0.1-3.1etch1_all.deb

Debian Linux 4.0 m68k

• Debian phppgadmin_4.0.1-3.1etch1_all.deb
  http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4 .0.1-3.1etch1_all.deb

phpPgAdmin SQLEDIT.PHP Cross Site Scripting Vulnerability

References:

• phpPgAdmin Homepage (phpPgAdmin)