Hi,
Exploit :
register_globals=on,off loged in ....
query : http://localhost/pmd_pdf.php?db=%3E%22%3E<script>alert(1)</script>
Could you fix this quickly?
Yours Fabian
Fabian Fingerle a écrit :
Hi,
Exploit :
register_globals=on,off loged in ....
query : http://localhost/pmd_pdf.php?db=%3E%22%3E<script>alert(1)</script>
Could you fix this quickly?
Yours Fabian
Hi,
The reference for this is http://www.securityfocus.com/bid/31928/info and someone told me about this yesterday (the team was not pre-informed about this problem).
Before releasing a "quick fix" I want to ensure there are no similar cases lurking around.
Marc Delisle
Marc Delisle a écrit :
Fabian Fingerle a écrit :
Hi,
Exploit :
register_globals=on,off loged in ....
query : http://localhost/pmd_pdf.php?db=%3E%22%3E<script>alert(1)</script>
Could you fix this quickly?
Yours Fabian
Hi,
The reference for this is http://www.securityfocus.com/bid/31928/info and someone told me about this yesterday (the team was not pre-informed about this problem).
Before releasing a "quick fix" I want to ensure there are no similar cases lurking around.
Marc Delisle
Here is a proposed fix for this problem (patch for QA_3_0). Still looking for other cases.
Index: pmd_pdf.php =================================================================== --- pmd_pdf.php (revision 11681) +++ pmd_pdf.php (working copy) @@ -61,7 +61,8 @@ <body> <br> <div> - <form name="form1" method="post" action="pmd_pdf.php?server=<?php echo $server; ?>&db=<?php echo $db; ?>&token=<?php echo $token; ?>"> + <form name="form1" method="post" action="pmd_pdf.php"> +<?php echo PMA_generate_common_hidden_inputs($db); ?> <div> <fieldset><legend><?php echo $GLOBALS['strExport'] . '/' . $GLOBALS['strImport']; ?></legend> <p><?php echo $strExportImportToScale; ?>:
-
Fabian Fingerle -
Marc Delisle