Title: phpMyAdmin Cross-site Scripting Vulnerability
Application: phpMyAdmin
Vendor: http://www.phpmyadmin.net
Vulnerable Versions: <=2.6.2-beta1
Corrected: phpMyAdmin versions after 2.6.2-beta1
Bug: Cross-site Scripting
Date: 3-Apr-2005
Author: Oriol Torrent Santiago < oriol.torrent (at) gmail (dot) com >
References:
http://www.arrelnet.com/advisories/adv20050403.html
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3
==========================================================
1) Background
-----------
phpMyAdmin is a tool written in PHP intended to handle the administration
of MySQL over the Web. Currently it can create and drop databases,
create/drop/alter tables, delete/edit/add fields, execute any SQL statement,
manage keys on fields, manage privileges, export data into various formats
and is available in 47 languages.
2) Problem description
--------------------
phpMyAdmin <=2.6.2-beta1 contains a vulnerability caused by missing
validation of input supplied to the "convcharset" variable.
This can be exploited to execute arbitrary HTML and script code (JavaScript,
VBScript, etc.) in a user's browser session in the context of a vulnerable
site. An attacker can use the vulnerability to compromise the phpMyAdmin
account, steal cookies, etc.
Ex1:
http://host/phpmyadmin/index.php?pma_username=&pma_password=&server=1&lang=en-iso-8859-1&convcharset=\"><script>alert(document.cookie)</script>
Ex2:
http://host/phpmyadmin/index.php?pma_username=&pma_password=&server=1&lang=en-iso-8859-1&convcharset=\"><h1>XSS</h1>
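The reflection described above, as an added example (not phpMyAdmin's code and
not part of the original advisory): the unsafe output pattern beside a
validated and escaped one, fed with the Ex2 value. It assumes "convcharset" is
echoed into a double-quoted HTML attribute, which the advisory does not state;
the function names and the charset allowlist are hypothetical.

```php
<?php
// Added illustration; not phpMyAdmin source. Function names and the charset
// list are hypothetical, and the hidden-field sink is an assumption.

// Constructed allowlist: the only values the parameter may take.
const ALLOWED_CHARSETS = ['iso-8859-1', 'utf-8', 'windows-1252'];

// Vulnerable pattern: the request value is copied into a quoted attribute
// unchanged, so a double quote in it ends the attribute and the rest of the
// value is parsed as markup.
function hidden_field_unsafe(string $convcharset): string
{
    return '<input type="hidden" name="convcharset" value="' . $convcharset . '" />';
}

// Hardened pattern: validate against the allowlist, then escape on output
// anyway so the sink stays safe if the allowlist is ever loosened.
function hidden_field_safe(string $convcharset, string $default = 'iso-8859-1'): string
{
    $value = strtolower(trim($convcharset));
    if (!in_array($value, ALLOWED_CHARSETS, true)) {
        $value = $default; // not a known charset name: discard it
    }
    return '<input type="hidden" name="convcharset" value="'
        . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '" />';
}

// Ex2 from the advisory as PHP receives it after URL decoding. The leading
// backslash is kept as written; it has no special meaning to an HTML parser.
$payload = '\\"><h1>XSS</h1>';

echo hidden_field_unsafe($payload), "\n"; // quote in the payload closes the attribute
echo hidden_field_safe($payload), "\n";   // payload fails validation, default is used
echo hidden_field_safe('UTF-8'), "\n";    // legitimate value passes validation
```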
3) Solution:
---------
The vendor was contacted on the 29th of March 2005 and a new version has
been released. Download the latest version of phpMyAdmin.
4) Timeline
--------
29/03/2005 Bug discovered
29/03/2005 Vendor notified
29/03/2005 Vendor response and bug fixed
03/04/2005 New version released
03/04/2005 Advisory released