[Phpmyadmin-devel] XSS in current phpmyadmin versions

Marc Delisle Marc.Delisle at cegepsherbrooke.qc.ca
Wed Oct 29 18:33:15 CET 2008


Marc Delisle a écrit :
> Fabian Fingerle a écrit :
>> Hi,
>>
>> Exploit :
>>
>> register_globals=on,off
>> loged in ....
>>
>> query :
>> http://localhost/pmd_pdf.php?db=>"><script>alert(1)</script>
>>
>> Could you fix this quickly?
>>
>> Yours
>>  Fabian
> 
> Hi,
> 
> The reference for this is http://www.securityfocus.com/bid/31928/info
> and someone told me about this yesterday (the team was not pre-informed
> about this problem).
> 
> Before releasing a "quick fix" I want to ensure there are no similar
> cases lurking around.
> 
> Marc Delisle

Here is a proposed fix for this problem (patch for QA_3_0). Still
looking for other cases.

Index: pmd_pdf.php
===================================================================
--- pmd_pdf.php (revision 11681)
+++ pmd_pdf.php (working copy)
@@ -61,7 +61,8 @@
 <body>
 <br>
 <div>
-  <form name="form1" method="post" action="pmd_pdf.php?server=<?php
echo $server; ?>&db=<?php echo $db; ?>&token=<?php echo $token; ?>">
+  <form name="form1" method="post" action="pmd_pdf.php">
+<?php echo PMA_generate_common_hidden_inputs($db); ?>
     <div>
     <fieldset><legend><?php echo $GLOBALS['strExport'] . '/' .
$GLOBALS['strImport']; ?></legend>
     <p><?php echo $strExportImportToScale; ?>:







More information about the Developers mailing list