[Phpmyadmin-devel] Re: phpMyAdmin 'sql_query' Cross-Site Scripting and SQL Code Execution

Sebastian Mendel lists at sebastianmendel.de
Thu Apr 20 06:59:03 CEST 2006



Michal Čihař wrote:
> On Thu, 20 Apr 2006 14:50:55 +0200
> Michal Čihař <michal at cihar.com> wrote:
> 
>> Both are quite simple (see attached patch). The only problem is when to
>> check whether the token is correct. For now I added a check to import.php
>> and sql.php; are there any other dangerous places?
> 
> Problematic places are many :-(. E.g. dropping users using a URL:
> 
> http://localhost/pma-2.8.0/server_privileges.php?selected_usr%5B%5D=aaa%1B%25&mode=2&delete=Prove%C4%8F
> 
> It will be quite hard to spot all such places. Any better idea how to
> protect against such XSS?

The token can be checked globally in common.lib.php.

If the token is wrong, empty all $_REQUEST/GET/POST.



--
Sebastian Mendel

www.sebastianmendel.de
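
The global check suggested in this message, as an added example that is not phpMyAdmin's code and not part of the original mail. The names `session_token()`, `enforce_token()` and the optional `$keep` list are hypothetical, and the code assumes modern PHP (`random_bytes`, `hash_equals`); the demo input is the query string of the link quoted above.

```php
<?php
// Added illustration, not phpMyAdmin code. Function names are hypothetical.

/** Return the per-session token, creating it on first use. */
function session_token(): string
{
    if (empty($_SESSION['token'])) {
        $_SESSION['token'] = bin2hex(random_bytes(16));
    }
    return $_SESSION['token'];
}

/**
 * Global gate: call once from the common include, before any script
 * reads request input. When the submitted token does not match the
 * session token, every request parameter is dropped, so no individual
 * script (sql.php, import.php, server_privileges.php, ...) has to
 * carry its own check. $keep optionally names parameters that survive
 * (an assumption of this example; the default keeps nothing).
 */
function enforce_token(array $keep = []): bool
{
    // Read the token from GET/POST only, never from cookies.
    $sent = $_POST['token'] ?? $_GET['token'] ?? '';
    if (is_string($sent) && hash_equals(session_token(), $sent)) {
        return true;
    }
    $allowed  = array_flip($keep);
    $_GET     = array_intersect_key($_GET, $allowed);
    $_POST    = array_intersect_key($_POST, $allowed);
    $_REQUEST = array_intersect_key($_REQUEST, $allowed);
    return false;
}

// Demo on the command line: simulate a session and the forged link
// from the thread, which carries no token.
$_SESSION = [];
parse_str('selected_usr%5B%5D=aaa%1B%25&mode=2&delete=Prove%C4%8F', $_GET);
$_POST    = [];
$_REQUEST = $_GET;

var_dump(enforce_token());   // token check result for the forged request
var_dump($_GET, $_REQUEST);  // parameters left for the page script to act on

// Same parameters with the session's token attached pass through intact.
$_GET = $_REQUEST = ['mode' => '2', 'token' => session_token()];
var_dump(enforce_token(), $_GET['mode']);
```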