phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the World Wide Web. phpMyAdmin supports a wide range of operations with MySQL. phpMyAdmin versions 3.5.0 to 3.5.7 are vulnerable to reflected XSS in "tbl_gis_visualization.php", as mentioned in the advisory. The cause of the XSS is stated as insufficient sanitization of HTML output. The vulnerable parameters are "visualizationSettings[width]" and "visualizationSettings[height]" on "tbl_gis_visualization.php". However, a valid session and a valid database name are required to exploit the vulnerability. Publicly available exploitation details make a JavaScript alert box pop up, confirming the existence of the reflected XSS. The updated version 3.5.8 is available on the official website.
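As an added example (not from the original post, and not phpMyAdmin's own code), the following Python scanner flags web-server access-log requests to tbl_gis_visualization.php whose width or height parameters are not plain pixel counts, which is what the legitimate form sends. The log format, host paths and IP addresses below are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The script and parameters named in the advisory for phpMyAdmin 3.5.0-3.5.7.
SCRIPT = "tbl_gis_visualization.php"
WATCHED = ("visualizationSettings[width]", "visualizationSettings[height]")
HTML_META = re.compile(r'[<>"\'&]')  # characters that can break out of an HTML attribute

# Common Log Format (assumed); target = path plus query string as sent by the client.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines: one legitimate request, one with a tampered width,
# and one hitting a different script (must be ignored).
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Apr/2013:12:00:01 +0000] "GET /phpmyadmin/tbl_gis_visualization.php'
    '?db=geo&table=cities&visualizationSettings%5Bwidth%5D=600'
    '&visualizationSettings%5Bheight%5D=450 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Apr/2013:12:00:07 +0000] "GET /phpmyadmin/tbl_gis_visualization.php'
    '?db=geo&table=cities&visualizationSettings%5Bwidth%5D=600%22%3Ex%3C HTTP/1.1" 200 5210',
    '203.0.113.9 - - [10/Apr/2013:12:00:09 +0000] "GET /phpmyadmin/tbl_sql.php'
    '?db=geo&visualizationSettings%5Bwidth%5D=600%22%3Ex%3C HTTP/1.1" 200 3000',
]


def suspicious_params(target):
    """Return {param: value} for watched params whose value is not a plain integer."""
    parts = urlsplit(target)
    if parts.path.rsplit("/", 1)[-1] != SCRIPT:
        return {}
    params = parse_qs(parts.query)  # decodes %5B/%5D so PHP-style keys match WATCHED
    return {
        name: value
        for name in WATCHED
        for value in params.get(name, [])
        if not value.isdigit()
    }


def scan_log(lines):
    """Yield one finding per request carrying a non-numeric width/height."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        bad = suspicious_params(m["target"])
        if bad:
            hits.append({"ip": m["ip"], "status": m["status"], "params": bad,
                         "html_meta": any(HTML_META.search(v) for v in bad.values())})
    return hits
```

Parameters sent in a POST body do not appear in an access log, so this only catches GET-style reflection; a request with `html_meta` set is the one worth pulling the session for.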