lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 4 Apr 2005 19:12:12 +0200
From: Oriol Torrent Santiago <oriol.torrent@...il.com>
To: bugtraq@...urityfocus.com
Subject: phpMyAdmin Cross-site Scripting Vulnerability


==========================================================
Title: phpMyAdmin Cross-site Scripting Vulnerability

Application: phpMyAdmin
Vendor: http://www.phpmyadmin.net
Vulnerable Versions: <=2.6.2-beta1
Corrected: phpMyAdmin versions after 2.6.2-beta1
Bug: Cross-site Scripting
Date: 3-Apr-2005
Author: Oriol Torrent Santiago < oriol.torrent@...il.com >

References:
http://www.arrelnet.com/advisories/adv20050403.html
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3

==========================================================

1) Background
  -----------
phpMyAdmin is a tool written in PHP intended to handle the administration
of MySQL over the Web. Currently it can create  and drop databases,
create/drop/alter tables, delete/edit/add fields, execute any SQL statement,
manage keys on fields,  manage privileges,export data into various formats
and is available in 47 languages.

2) Problem description
  --------------------

phpMyAdmin <=2.6.2-beta1 contain a vulnerability is caused due to
missing validation of input supplied to "convcharset" variable.

This can be exploited to execute arbitrary HTML and script code(JavaScript,
VBScript,etc.) in a user's browser session in context of a vulnerable site.
It allows an attacker to use the vulnerability to compromise the phpMyAdmin
account, cookie theft, etc.

Ex1:
http://host/phpmyadmin/index.php?pma_username=&pma_password=&server=1&lang=en-iso-8859-1&convcharset=\"><script>alert(document.cookie)</script>

Ex2:
http://host/phpmyadmin/index.php?pma_username=&pma_password=&server=1&lang=en-iso-8859-1&convcharset=\"><h1>XSS</h1>

3) Solution:
  ---------

Vendor was contacted on the 29th of March 2005 and new version is released

Download the latest version of phpMyAdmin

4) Timeline
  --------

29/03/2005  Bug discovered
29/03/2005  Vendor notified
29/03/2005  Vendor response and bug fixed
03/04/2005  New version released
03/04/2005  Advisory released


Powered by blists - more mailing lists