[Phpmyadmin-devel] XSS in current phpmyadmin versions

Hi,

Exploit :
register_globals=on,off logged in ....
query : http://localhost/pmd_pdf.php?db=>"><script>alert(1)</script>

Could you fix this quickly?

Yours Fabian

Fabian Fingerle wrote:
> Hi,
> Exploit :
> register_globals=on,off logged in ....
> query : http://localhost/pmd_pdf.php?db=>"><script>alert(1)</script>
> Could you fix this quickly?
> Yours Fabian

Hi,

The reference for this is http://www.securityfocus.com/bid/31928/info and someone told me about this yesterday (the team was not pre-informed about this problem).

Before releasing a "quick fix" I want to ensure there are no similar cases lurking around.

Marc Delisle

Marc Delisle wrote:
> Fabian Fingerle wrote:
>> Hi,
>> Exploit :
>> register_globals=on,off logged in ....
>> query : http://localhost/pmd_pdf.php?db=>"><script>alert(1)</script>
>> Could you fix this quickly?
>> Yours Fabian
> Hi,
> The reference for this is http://www.securityfocus.com/bid/31928/info and someone told me about this yesterday (the team was not pre-informed about this problem).
> Before releasing a "quick fix" I want to ensure there are no similar cases lurking around.
> Marc Delisle

Here is a proposed fix for this problem (patch for QA_3_0). Still looking for other cases. Index: pmd_pdf.php =================================================================== --- pmd_pdf.php (revision 11681) +++ pmd_pdf.php (working copy) @@ -61,7 +61,8 @@ <body> <br> <div> - <form name="form1" method="post" action="pmd_pdf.php?server=<?php echo $server; ?>&db=<?php echo $db; ?>&token=<?php echo $token; ?>"> + <form name="form1" method="post" action="pmd_pdf.php"> +<?php echo PMA_generate_common_hidden_inputs($db); ?> <div> <fieldset><legend><?php echo $GLOBALS['strExport'] . '/' . $GLOBALS['strImport']; ?></legend> <p><?php echo $strExportImportToScale; ?>:
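
Review bot: The added line that echoes PMA_generate_common_hidden_inputs($db) still writes the request-supplied $db into the page, and nothing in this hunk shows that the helper HTML-escapes it, so please confirm it passes the value through htmlspecialchars() before this ships as the fix. The removed action URL also carried server= and token=, while the helper is called with $db only; check that it emits both as hidden fields, otherwise the form submission loses them. Since the parameters move from the query string to the POST body, the code in pmd_pdf.php that handles the submission should also be checked for reading them from $_GET only.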