[Phpmyadmin-devel] XSS in current phpmyadmin versions
Marc Delisle
Marc.Delisle at cegepsherbrooke.qc.ca
Wed Oct 29 18:33:15 CET 2008
Marc Delisle a écrit :
> Fabian Fingerle a écrit :
>> Hi,
>>
>> Exploit :
>>
>> register_globals=on,off
>> loged in ....
>>
>> query :
>> http://localhost/pmd_pdf.php?db=>"><script>alert(1)</script>
>>
>> Could you fix this quickly?
>>
>> Yours
>> Fabian
>
> Hi,
>
> The reference for this is http://www.securityfocus.com/bid/31928/info
> and someone told me about this yesterday (the team was not pre-informed
> about this problem).
>
> Before releasing a "quick fix" I want to ensure there are no similar
> cases lurking around.
>
> Marc Delisle
Here is a proposed fix for this problem (patch for QA_3_0). Still
looking for other cases.
Index: pmd_pdf.php
===================================================================
--- pmd_pdf.php (revision 11681)
+++ pmd_pdf.php (working copy)
@@ -61,7 +61,8 @@
<body>
<br>
<div>
- <form name="form1" method="post" action="pmd_pdf.php?server=<?php
echo $server; ?>&db=<?php echo $db; ?>&token=<?php echo $token; ?>">
+ <form name="form1" method="post" action="pmd_pdf.php">
+<?php echo PMA_generate_common_hidden_inputs($db); ?>
<div>
<fieldset><legend><?php echo $GLOBALS['strExport'] . '/' .
$GLOBALS['strImport']; ?></legend>
<p><?php echo $strExportImportToScale; ?>:
More information about the Developers
mailing list