Saturday, April 13, 2013

PhpMyAdmin version 3.5.7 vulnerable to Cross Site Scripting

phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the World Wide Web, and it supports a wide range of operations with MySQL. phpMyAdmin versions 3.5.0 to 3.5.7 are vulnerable to reflected XSS in "tbl_gis_visualization.php", as mentioned in the advisory. The cause of the XSS is stated as insufficient sanitization of HTML output. The vulnerable parameters are "visualizationSettings[width]" and "visualizationSettings[height]" on "tbl_gis_visualization.php". Note that a valid session and a valid database name are required to exploit the vulnerability. Publicly available exploitation details make a JavaScript alert box pop up, confirming the existence of the reflected XSS. The updated version 3.5.8 is available on the official website.
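To show the class of bug the advisory describes, a request-supplied width/height value written into HTML output without sanitization, here is an added illustration beside a hardened form. This is constructed example code, not phpMyAdmin's own source; the function names and the `gis_canvas` element are hypothetical, and the sample input is constructed.

```php
<?php
// Added illustration (not phpMyAdmin's own code) of an unsanitized HTML-output value
// taken from a request parameter, beside a hardened version. Names are hypothetical.

declare(strict_types=1);

// Vulnerable pattern: width/height from the request are placed straight into the markup.
// Anything the request supplies, including quotes and tags, becomes part of the page.
function render_canvas_unsafe(array $settings): string
{
    $width  = $settings['width']  ?? '600';
    $height = $settings['height'] ?? '450';
    return '<div id="gis_canvas" style="width:' . $width . 'px; height:' . $height . 'px;"></div>';
}

// Hardened pattern, step 1: allow-list validation. A dimension must be a bounded
// positive integer; anything else falls back to the default.
function sanitize_dimension($value, int $default, int $max = 4000): int
{
    $n = filter_var($value, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => $max],
    ]);
    return ($n === false) ? $default : $n;
}

// Hardened pattern, step 2: still HTML-encode on output, so every value that reaches
// the attribute context is escaped even if validation is later relaxed.
function render_canvas_safe(array $settings): string
{
    $width  = sanitize_dimension($settings['width']  ?? null, 600);
    $height = sanitize_dimension($settings['height'] ?? null, 450);
    // ENT_QUOTES escapes <, >, &, " and ' for use inside a double-quoted attribute.
    $style = htmlspecialchars("width:{$width}px; height:{$height}px;", ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<div id="gis_canvas" style="' . $style . '"></div>';
}

// Constructed sample input standing in for visualizationSettings[width]/[height],
// with a width value that carries markup characters instead of a number.
$constructed = ['width' => '600" <b>', 'height' => '450'];

echo render_canvas_unsafe($constructed), PHP_EOL; // quote and tag land unescaped in the markup
echo render_canvas_safe($constructed), PHP_EOL;   // non-integer width is rejected; default is used
```

Run with `php example.php` to compare the two rendered lines; the unsafe one breaks out of the attribute while the safe one only ever emits validated integers.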
