[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_3_1-13275-ga5394bd

Herman van Rink helmo at users.sourceforge.net
Sat Aug 6 17:17:51 CEST 2011


The branch, master has been updated
       via  a5394bdc1de0382f7939233a04a0b5f3a0491219 (commit)
       via  f1025544e631c4006ac42be2ddcc5904b567ae8d (commit)
      from  db29c02f7a96d10e0369e1adf43fd285cdb3f230 (commit)


- Log -----------------------------------------------------------------
commit a5394bdc1de0382f7939233a04a0b5f3a0491219
Merge: f1025544e631c4006ac42be2ddcc5904b567ae8d db29c02f7a96d10e0369e1adf43fd285cdb3f230
Author: Herman van Rink <rink at initfour.nl>
Date:   Sat Aug 6 17:13:04 2011 +0200

    Merge branch 'master' of ssh://phpmyadmin.git.sourceforge.net/gitroot/phpmyadmin/phpmyadmin

commit f1025544e631c4006ac42be2ddcc5904b567ae8d
Author: Herman van Rink <rink at initfour.nl>
Date:   Sat Aug 6 17:09:01 2011 +0200

    Added SQL dump of databases and tables useful for security testing

-----------------------------------------------------------------------

Summary of changes:
 test/test_data/exploit_test.sql |  150 +++++++++++++++++++++++++++++++++++++++
 1 files changed, 150 insertions(+), 0 deletions(-)
 create mode 100644 test/test_data/exploit_test.sql

diff --git a/test/test_data/exploit_test.sql b/test/test_data/exploit_test.sql
new file mode 100644
index 0000000..dce733f
--- /dev/null
+++ b/test/test_data/exploit_test.sql
@@ -0,0 +1,150 @@
+-- phpMyAdmin SQL Dump
+-- version 3.5.0-dev
+-- http://www.phpmyadmin.net
+--
+-- Host: barclay
+-- Generation Time: Aug 06, 2011 at 04:53 PM
+-- Server version: 5.1.49-3-log
+-- PHP Version: 5.3.3-7+squeeze1
+
+SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
+SET time_zone = "+00:00";
+
+
+/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
+/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
+/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
+/*!40101 SET NAMES utf8 */;
+
+DROP DATABASE `"><script>alert(200);</script>`;
+DROP DATABASE `'><script>alert(201);</script>`;
+DROP DATABASE `exploit_test`;
+
+--
+-- Database: `"><script>alert(200);</script>`
+--
+CREATE DATABASE `"><script>alert(200);</script>` DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;
+
+--
+-- Database: `'><script>alert(201);</script>`
+--
+CREATE DATABASE `'><script>alert(201);</script>` DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;
+
+--
+-- Database: `exploit_test`
+--
+CREATE DATABASE `exploit_test` DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;
+USE `exploit_test`;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `"><script>alert(109);</script>`
+--
+
+CREATE TABLE IF NOT EXISTS `"><script>alert(109);</script>` (
+  `id` int(2) NOT NULL,
+  `foo` varchar(255) NOT NULL
+) ENGINE=MyISAM DEFAULT CHARSET=latin1;
+
+--
+-- Dumping data for table `"><script>alert(109);</script>`
+--
+
+INSERT INTO `"><script>alert(109);</script>` (`id`, `foo`) VALUES
+(1, ''),
+(2, '');
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `';  eval('alert(107)')`
+--
+
+CREATE TABLE IF NOT EXISTS `';  eval('alert(107)')` (
+  `id` int(11) NOT NULL
+) ENGINE=MyISAM DEFAULT CHARSET=latin1;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `'><script>alert(106);</script>`
+--
+
+CREATE TABLE IF NOT EXISTS `'><script>alert(106);</script>` (
+  `id` int(2) NOT NULL
+) ENGINE=MyISAM DEFAULT CHARSET=latin1;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `<script>alert(105);</script>`
+--
+
+CREATE TABLE IF NOT EXISTS `<script>alert(105);</script>` (
+  `dsaf` int(4) NOT NULL
+) ENGINE=MyISAM DEFAULT CHARSET=latin1;
+
+--
+-- Dumping data for table `<script>alert(105);</script>`
+--
+
+INSERT INTO `<script>alert(105);</script>` (`dsaf`) VALUES
+(1);
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `evil_column_names`
+--
+
+CREATE TABLE IF NOT EXISTS `evil_column_names` (
+  `<script>alert(100);</script>` int(1) NOT NULL,
+  `"><script>alert(101);</script>` int(2) NOT NULL,
+  `'><script>alert(102);</script>` int(2) NOT NULL,
+  `evil_comment` int(3) NOT NULL COMMENT '<script>alert(104);</script>'
+) ENGINE=MyISAM DEFAULT CHARSET=latin1;
+
+--
+-- Dumping data for table `evil_column_names`
+--
+
+INSERT INTO `evil_column_names` (`<script>alert(100);</script>`, `"><script>alert(101);</script>`, `'><script>alert(102);</script>`, `evil_comment`) VALUES
+(1, 23, 45, 5),
+(2, 3, 77, 3);
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `evil_content`
+--
+
+CREATE TABLE IF NOT EXISTS `evil_content` (
+	  `text` varchar(255) NOT NULL
+	) ENGINE=MyISAM DEFAULT CHARSET=latin1;
+
+
+--
+-- Dumping data for table `evil_content`
+--
+
+INSERT INTO `evil_content` (`text`) VALUES
+('"><script>alert(301);</script>'),
+('''><script>alert(302);</script>'),
+('<script>alert(303);</script>'),
+(''';  eval(''alert(304)'');');
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `evil_table_comment`
+--
+
+CREATE TABLE IF NOT EXISTS `evil_table_comment` (
+  `id` int(1) NOT NULL
+) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='"><script>alert(400);</script>';
+
+
+/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
+/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
+/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
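Review bot: The three `DROP DATABASE` statements at the top of the new file have no `IF EXISTS`, so on a server where these databases do not exist yet the first statement errors and most import clients stop before anything is created. Writing `DROP DATABASE IF EXISTS` on each of the three lines makes the fixture loadable on a fresh server and re-runnable afterwards. The file also has no header stating its purpose; a comment such as `-- Test fixture: database/table/column names, comments and row values carry HTML/JS markers to verify output escaping; load only on a disposable test server (drops exploit_test).` would help. The distinct alert numbers appear intended to identify which field was rendered unescaped, and that mapping would be worth noting in the same comment.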


hooks/post-receive
-- 
phpMyAdmin



