SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
WLB
Services
RSS
Corporate
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com

Home arrow SecurityAlert Database

Arrow  Topic :

xss in phpmyadmin >=2.8.0 and < 2.10.0


Arrow  SecurityAlert : 2402
Arrow  CVE : CVE-2007-1395
Arrow  SecurityRisk : Low  Security Risk Low  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Exploit Available : Yes
Arrow  Credit : alfa
Arrow  Published : 14.03.2007

Arrow  Affected Software : phpmyadmin >=2.8.0 and < 2.10.0



Arrow  Advisory Content :  

This xss (with xsrf possibility) works only when logged in, but since in
many places anonymous logins are allowed and many webhost companies offer
just 1 or few phpmyadmins for a large number of users, i consider it worth
to be published.

Theoretically it is possible to obtain and use the cookie and token
variables (which are necessary to get this XSS working) but i haven't made
a working poc atm, but i'm sure others will have the capability to do so.

The problem is bad filtering of $db and $table where they only check for
(lowercase) </script>-tag and not for the (uppercase)</SCRIPT>-tag to break
out of the javascript.

More details can be found in an advisory found here:
http://www.virtuax.be/advisories/Advisory2-24012007.txt

possible attack strings could look like:
http://phpmyadmin.example.com/index.php?token=$token&db/table=';[XSS]
http://phpmyadmin.example.com/index.php?token=$token&db/table=</SCRIPT><
/head><body>[HTML]

in each case if you're running phpmyadmin <= 2.9 it's wise to update,
stefan esser has even used phpmyadmin as an example in one of the bugs he
found and reported in (his) mopb over a week ago(
http://www.php-security.org/MOPB/MOPB-02-2007.html and
http://www.phpmyadmin.net/)





Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc/fnmatch(3) DoS

Security Risk Medium- 2011-05-13

Allow attacker to denial of service apache 2.2.17 server

Apache RSS Apache Alert

» Apache HTTP Server Denial
   of Service Vulnerability

» Multiple Vendors
   libc/fnmatch(3) DoS (incl
   apache poc)

» Apache Continuum
   cross-site scripting
   vulnerability

» Apache Tomcat DoS
   Vulnerability

PHP RSS PHP Alert

» PHP Hashtables Denial of
   Service

» PHP 5.3.6 multiple null
   pointer dereference

» PHP 5.3.6 ZipArchive
   invalid use glob(3)

» libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)

ADT

Protect your family and valuables with Home Security Systems

Copyright © SecurityReason.com. All Rights Reserved.