[Phpmyadmin-devel] XSS in current phpmyadmin versions
Marc Delisle
Marc.Delisle at cegepsherbrooke.qc.ca
Wed Oct 29 17:49:31 CET 2008
Fabian Fingerle a écrit :
> Hi,
>
> Exploit :
>
> register_globals=on,off
> loged in ....
>
> query :
> http://localhost/pmd_pdf.php?db=>"><script>alert(1)</script>
>
> Could you fix this quickly?
>
> Yours
> Fabian
Hi,
The reference for this is http://www.securityfocus.com/bid/31928/info
and someone told me about this yesterday (the team was not pre-informed
about this problem).
Before releasing a "quick fix" I want to ensure there are no similar
cases lurking around.
Marc Delisle
More information about the Developers
mailing list