-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: Multiple Cross Site Scripting vulnerabilities in phpMyAdmin Name: TKADV2005-10-001 Revision: 1.2 Release Date: 2005/10/22 Last Modified: 2005/10/28 Author: Tobias Klein (tk at trapkit.de) Affected Software: phpMyAdmin (all versions <= 2.6.4-pl2) Risk: Low Vendor URL: http://www.phpmyadmin.net Vendor Status: Vendor has released an updated version ========= Overview: ========= phpMyAdmin is a commonly used MySQL database administration tool. Version 2.6.4-pl2 and prior contain multiple Cross Site Scripting vulnerabilities. Successful exploitation allows an attacker to execute arbitrary scripted content in a user's web browser in the context of the site running phpMyAdmin. ======== Details: ======== The following scripts are vulnerable to Cross Site Scripting (GET method): - left.php - queryframe.php - server_databases.php ================= Proof of Concept: ================= /[dir]/left.php?lang=en-iso-8859- 1&server=1&hash=/left.php?lang=en- iso-8859- 1&server=1&hash="> /[dir]/queryframe.php?lang=en-iso-8859- 1&server=1&hash= "> /[dir]/server_databases.php?lang=en-iso-8859- 1&server=1& sort_by=db_name&sort_order="> /[dir]/server_databases.php?lang=en-iso-8859- 1&server=1& sort_by="> ========= Solution: ========= Upgrade to phpMyAdmin 2.6.4-pl3 or newer. http://www.phpmyadmin.net/home_page/downloads.php ======== History: ======== 2005/10/19 - Vendor notified 2005/10/19 - Vendor response 2005/10/22 - Release of new phpMyAdmin version ======== Credits: ======== Vulnerabilities found and advisory written by Tobias Klein. =========== References: =========== [1] http://www.phpmyadmin.net/home_page/security.php?issue= PMASA-2005-5 [2] http://www.trapkit.de/advisories/TKADV2005-10-001.txt [3] http://www.securityfocus.com/bid/15196 [4] http://secunia.com/advisories/17289/ [5] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3301 ======== Changes: ======== Revision 1.0 - Initial release Revision 1.1 - Adjusted history timeline Revision 1.2 - Added references to Secunia, BID and CVE ================== PGP Signature Key: ================== http://www.trapkit.de/advisories/tk-advisories-signature-key.asc Copyright 2005 Tobias Klein. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQ2KPUZF8YHACG4RBEQImrACfQO+eBf8ky+VA+aYPBJjFlVHdWtAAoJuy 4z2uG9/4A+LIz4C0/rmZhXuK =Uqky -----END PGP SIGNATURE-----