Vigil@nce: phpMyAdmin, Cross Site Scripting via backtrace
September 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use the backtrace feature to generate a Cross Site
Scripting attack in phpMyAdmin.
– Severity: 2/4
– Creation date: 02/09/2010
DESCRIPTION OF THE VULNERABILITY
The phpMyAdmin server is used to administer a MySQL database via a
web browser.
The page Error.class.php does not correctly check data passed via
the URL.
An attacker can therefore use the backtrace feature to generate a
Cross Site Scripting attack in phpMyAdmin.
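The class of defect described above, shown as an added illustration that is not part of the bulletin and is not phpMyAdmin's code: a backtrace renderer that echoes frame data raw, beside one that encodes every field at output. The function names, the frame layout and the sample frame are hypothetical.

```php
<?php
// Illustrative only: NOT phpMyAdmin's Error.class.php. All names are hypothetical.

/** Escape any value for an HTML text context. */
function h($value): string
{
    // Arrays/objects from a trace are summarized by type rather than dumped.
    if (!is_scalar($value) && $value !== null) {
        return htmlspecialchars(gettype($value), ENT_QUOTES, 'UTF-8');
    }
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/** Weak form: frame data, including request-derived arguments, is echoed raw. */
function render_backtrace_unsafe(array $frames): string
{
    $out = '';
    foreach ($frames as $f) {
        $out .= '<li>' . $f['function'] . '(' . implode(', ', $f['args']) . ')</li>';
    }
    return '<ul>' . $out . '</ul>';
}

/** Hardened form: every field is encoded at the point of output. */
function render_backtrace_safe(array $frames): string
{
    $out = '';
    foreach ($frames as $f) {
        $args = array_map('h', $f['args'] ?? []);
        $out .= '<li>' . h($f['function'] ?? '?') . '(' . implode(', ', $args) . ')</li>';
    }
    return '<ul>' . $out . '</ul>';
}

// Constructed sample: one frame whose argument came from a URL parameter.
$frames = [
    ['function' => 'display_error', 'args' => ['<script>alert(1)</script>', 42]],
];

echo render_backtrace_unsafe($frames), PHP_EOL; // markup reaches the browser intact
echo render_backtrace_safe($frames), PHP_EOL;   // markup arrives as inert text
```

Encoding at the point of output, rather than filtering the URL on input, keeps the renderer safe regardless of which request parameter ends up in a frame.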
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/phpMyAdmin-Cross-Site-Scripting-via-backtrace-9895