Hi
On Wednesday 18 of June 2003 21:37, Garvin Hicking wrote:
Hi: I just want to know.. if the recently published bugs at securityfocus are true.. sometimes the people lie on this list... that's my question...
--Visita
You seem to mean http://www.securityfocus.com/archive/1/325641 ? I just
found that by searching the site. Sadly though, that person has never
contacted the team about that issue.
As far as I can tell, that ImportDocSQL security issue was fixed since
2.5.0
I can still browse in phpMyAdmin directory - this should be fixed.
- I haven't looked into the other XSS issues, as the original poster
doesn't exactly specify them.
There are some examples, you can try:
http://sql/read_dump.php3?db=nonexistent&sql_query=%3Cscript%3Ewindow.a…
Most actions need a valid 'session' to execute cross-site scripting,
which is not *that* serious.
Maybe even worse, you can include javascript that will read cookies with login
and password...
Storing cookies unencrypted is documented in some of our RFE trackers,
why we don't encrypt the data currently.
The proposed solution for this seems like a joke :-)
- Second: Use a partial / secure encoding for authentication tokens like
RadiX64 (not very secure but an attacker can think that is a more secure
algorithm, obscurity ;-D).
But our team should definitely take some time to write a follow-up/response
to that item...
If nobody else will take this, I will look at some problems tomorrow.
What I don't understand is why they didn't first contact the developers, as is
usual in security problems...
btw: I just looked for something on the net (only .cz, searched by jyxo.cz)
and I found several publicly accessible installations with config stored
passwords :-))
--
Regards
Michal Cihar
nijel at users dot sourceforge dot net
http://cihar.liten.cz