[Phpmyadmin-devel] PhpMysql

Hi,

Here is some error my scanner found; here is the description:

“The version of phpMyAdmin hosted on the remote server is 3.4.x prior to 3.4.8 and is affected by a cross‑site scripting vulnerability. The database name is not properly sanitized in the file 'js/db_operations.js' when attempting to rename a database. Note that this version is reportedly affected by several other cross‑site scripting vulnerabilities. However, Site Scanner has not tested for these vulnerabilities.”

And they told me for the solution..

“Either apply the vendor patches or upgrade to phpMyAdmin version 3.4.8 or later.”

When I try to access the same URL, it shows..

“$(document).ready(function(){$("#rename_db_form.ajax").live("submit",function(a){a.preventDefault();a=$(this);var d="CREATE DATABASE "+$("#new_db_name").val()+" / DROP DATABASE "+window.parent.db;PMA_prepareForAjaxRequest(a);var b={};b[PMA_messages.strYes]=function(){$(this).dialog("close").remove();window.parent.refreshMain();window.parent.refreshNavigation()};b[PMA_messages.strNo]=function(){$(this).dialog("close").remove()};a.PMA_confirm(d,a.attr("action"),function(e){PMA_ajaxShowMessage(PMA_messages.strRenamingDatabases); $.get(e,$("#rename_db_form").serialize()+"&is_js_confirmed=1",function(c){if(c.success==true){PMA_ajaxShowMessage(c.message);window.parent.db=c.newname;$("#topmenucontainer").next("div").remove().end().after(c.sql_query);c=$("#topmenucontainer").next("div").find(".notice");c.text()==""&&c.remove();$("<span>"+PMA_messages.strReloadDatabase+"?</span>").dialog({buttons:b})}else PMA_ajaxShowMessage(c.error)})})});$("#copy_db_form.ajax").live("submit",function(a){a.preventDefault();var d=PMA_ajaxShowMessage(PMA_messages.strCopyingDatabase); a=$(this);PMA_prepareForAjaxRequest(a);$.get(a.attr("action"),a.serialize(),function(b){$(".success").fadeOut();$(".error").fadeOut();if(b.success==true){$("#topmenucontainer").after(b.message);if($("#checkbox_switch").is(":checked")){window.parent.db=b.newname;window.parent.refreshMain();window.parent.refreshNavigation()}else window.parent.refreshNavigation(true)}else $("#topmenucontainer").after(b.error);PMA_ajaxRemoveMessage(d)})});$("#change_db_charset_form.ajax").live("submit",function(a){a.preventDefault(); a=$(this);PMA_prepareForAjaxRequest(a);PMA_ajaxShowMessage(PMA_messages.strChangingCharset);$.get(a.attr("action"),a.serialize()+"&submitcollation="+a.find("input[name=submitcollation]").attr("value"),function(d){d.success==true?PMA_ajaxShowMessage(d.message):PMA_ajaxShowMessage(d.error)})})},"top.frame_content");”

Here I am not able to update the version of phpMyAdmin; currently I am using version 3.4.5. Please suggest to me how to “apply the vendor patches”.

Thanks,
Ati
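
The scanner finding refers to the string built at the top of the posted js/db_operations.js, where the new and current database names are concatenated into the confirmation text. As an added example (not part of the original thread and not phpMyAdmin's own patch), the block below puts that concatenation next to an HTML-encoded variant; the function names and sample inputs are hypothetical, and it assumes the confirmation text is rendered as HTML.

```javascript
// Added illustration. Function names are hypothetical, not phpMyAdmin's API.

// Same string building as the posted js/db_operations.js: both database
// names go into the confirmation text without any encoding.
function confirmTextUnescaped(newDbName, currentDbName) {
  return "CREATE DATABASE " + newDbName + " / DROP DATABASE " + currentDbName;
}

// Encode the five HTML-significant characters in a single pass.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Encoded variant: safe to place in HTML element content (assumption: that
// is where the confirmation text ends up).
function confirmTextEscaped(newDbName, currentDbName) {
  return "CREATE DATABASE " + escapeHtml(newDbName) +
    " / DROP DATABASE " + escapeHtml(currentDbName);
}

// Rough stand-in for "would an HTML parser see a tag here?" (no DOM in Node).
function containsTag(text) {
  return /<\/?[a-zA-Z][^>]*>/.test(text);
}

// Constructed inputs: an ordinary name and one carrying inert markup.
const samples = [
  { newName: "shop_v2", current: "shop" },
  { newName: "<i>shop</i>", current: "a&b" },
];

function audit(rows) {
  return rows.map(({ newName, current }) => {
    const unescaped = confirmTextUnescaped(newName, current);
    const escaped = confirmTextEscaped(newName, current);
    return {
      unescaped,
      escaped,
      tagInUnescaped: containsTag(unescaped),
      tagInEscaped: containsTag(escaped),
    };
  });
}

console.log(audit(samples));
```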

On 2012-07-26 04:18, Atirek Goyal wrote:
> Hi,
> Here is some error my scanner found; here is the description:
> “The version of phpMyAdmin hosted on the remote server is 3.4.x prior to 3.4.8 and is affected by a cross‑site scripting vulnerability. The database name is not properly sanitized in the file 'js/db_operations.js' when attempting to rename a database. Note that this version is reportedly affected by several other cross‑site scripting vulnerabilities. However, Site Scanner has not tested for these vulnerabilities.”
> And they told me for the solution..
> “Either apply the vendor patches or upgrade to phpMyAdmin version 3.4.8 or later.”
> Here I am not able to update the version of phpMyAdmin; currently I am using version 3.4.5. Please suggest to me how to “apply the vendor patches”.

Hi, applying the patches implies having write access to the directory where phpMyAdmin is installed, so it would be easier to just update the version. In other words, if you don't have access to update the version, you don't have access to patch your current version either.

-- Marc Delisle http://infomarc.info

Hi Marc,

I have access to update the version.. But my problem is I am using Xampp and its latest version has phpMyAdmin 3.4.5, and it may create a problem to update the version of phpMyAdmin..

Suggest me the best way..

Thanks,
Ati

-----Original Message-----
From: Marc Delisle [mailto:marc@infomarc.info]
Sent: Thursday, July 26, 2012 4:07 PM
To: phpmyadmin-devel@lists.sourceforge.net
Subject: Re: [Phpmyadmin-devel] PhpMysql

On 2012-07-26 04:18, Atirek Goyal wrote:
> Hi,
> Here is some error my scanner found; here is the description:
> “The version of phpMyAdmin hosted on the remote server is 3.4.x prior to 3.4.8 and is affected by a cross‑site scripting vulnerability. The database name is not properly sanitized in the file 'js/db_operations.js' when attempting to rename a database. Note that this version is reportedly affected by several other cross‑site scripting vulnerabilities. However, Site Scanner has not tested for these vulnerabilities.”
> And they told me for the solution..
> “Either apply the vendor patches or upgrade to phpMyAdmin version 3.4.8 or later.”
> Here I am not able to update the version of phpMyAdmin; currently I am using version 3.4.5. Please suggest to me how to “apply the vendor patches”.

Hi, applying the patches implies having write access to the directory where phpMyAdmin is installed, so it would be easier to just update the version. In other words, if you don't have access to update the version, you don't have access to patch your current version either.

-- Marc Delisle http://infomarc.info

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats.
http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Phpmyadmin-devel mailing list
Phpmyadmin-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel

On 2012-07-26 06:43, Atirek Goyal wrote:
> Hi Marc,
> I have access to update the version.. But my problem is I am using Xampp and its latest version has phpMyAdmin 3.4.5, and it may create a problem to update the version of phpMyAdmin..

I don't see which problem it would create. By the way, please stop this discussion right here. For further help, contact XAMPP support.

> Suggest me the best way..
> Thanks, Ati

-- Marc Delisle http://infomarc.info

Ok, Thanks Marc

-----Original Message-----
From: Marc Delisle [mailto:marc@infomarc.info]
Sent: Thursday, July 26, 2012 4:35 PM
To: phpmyadmin-devel@lists.sourceforge.net
Subject: Re: [Phpmyadmin-devel] PhpMysql

On 2012-07-26 06:43, Atirek Goyal wrote:
> Hi Marc,
> I have access to update the version.. But my problem is I am using Xampp and its latest version has phpMyAdmin 3.4.5, and it may create a problem to update the version of phpMyAdmin..

I don't see which problem it would create. By the way, please stop this discussion right here. For further help, contact XAMPP support.

> Suggest me the best way..
> Thanks, Ati

-- Marc Delisle http://infomarc.info

participants (2)
- Atirek Goyal
- Marc Delisle