Vigil@nce: phpMyAdmin, several Cross Site Scripting
August 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use multiple features of phpMyAdmin to trigger several
Cross Site Scripting attacks.
– Severity: 2/4
– Creation date: 23/08/2010
DESCRIPTION OF THE VULNERABILITY
The phpMyAdmin server is used to administer a MySQL database via a
web browser.
Several pages do not correctly check data passed via the URL:
– "field_str" parameter to db_search.php
– "delimiter" parameter to db_sql.php
– "sort" parameter to db_structure.php
– "db" parameter to js/messages.php
– "sort_by" parameter to server_databases.php
– "checkprivs", "dbname", "pred_tablename", "selected_usr[]",
"tablename", and "username" parameters to server_privileges.php
– "DefaultLang" parameter to setup/config.php
– "cpurge", "goto", "purge", "purgekey", "table", and "zero_rows"
parameters to sql.php
– "fields[multi_edit][]" parameter to tbl_replace.php
An attacker can therefore use multiple features of phpMyAdmin to trigger
several Cross Site Scripting attacks.
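The defect class described above (a URL parameter reflected into the page without being checked) and its usual mitigations, shown as an added PHP illustration. This is not phpMyAdmin's code: the functions, the allowed sort columns and the sample input are hypothetical stand-ins chosen for the example.

```php
<?php
// Added illustration, not phpMyAdmin's code: a "sort_by"-style URL parameter
// echoed raw into HTML, beside two defensive patterns.
declare(strict_types=1);

// Hypothetical vulnerable pattern: the raw query-string value lands in markup.
function render_sort_header_vulnerable(array $get): string
{
    $sortBy = $get['sort_by'] ?? 'name';
    return '<a href="?sort_by=' . $sortBy . '">Sort by ' . $sortBy . '</a>';
}

// Mitigation 1: output encoding. ENT_QUOTES covers text nodes and both
// double- and single-quoted attribute values; ENT_SUBSTITUTE avoids an empty
// string on invalid UTF-8, which would otherwise silently drop the value.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Mitigation 2: allow-list validation for parameters that can only take a
// small set of values (a sort column, a language code, a yes/no flag).
function validate_sort_by(?string $value, array $allowed, string $default): string
{
    return ($value !== null && in_array($value, $allowed, true)) ? $value : $default;
}

function render_sort_header_fixed(array $get): string
{
    // Hypothetical column list; a real page would derive it from its schema.
    $sortBy = validate_sort_by($get['sort_by'] ?? null, ['name', 'size', 'rows'], 'name');
    // Encode on output even after validation: the two layers are independent,
    // so a later change to the allow-list does not reopen the hole.
    return '<a href="?sort_by=' . rawurlencode($sortBy) . '">Sort by '
        . html_escape($sortBy) . '</a>';
}

// Constructed input standing in for $_GET: a value carrying markup characters.
$sample = ['sort_by' => '"><b>injected</b>'];
echo render_sort_header_vulnerable($sample), "\n"; // markup passes through unchanged
echo render_sort_header_fixed($sample), "\n";      // falls back to "name"

// Free-text parameters (a username, a table name) cannot be allow-listed the
// same way; there, output encoding is the mandatory layer.
echo html_escape('<b>injected</b>'), "\n";         // &lt;b&gt;injected&lt;/b&gt;
```

The same two checks apply per context: a value placed into a URL needs rawurlencode in addition to, not instead of, HTML encoding of any copy rendered as text.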
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/phpMyAdmin-several-Cross-Site-Scripting-9870