-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Advisory: Multiple Cross Site Scripting vulnerabilities
in phpMyAdmin
Name: TKADV2005-10-001
Revision: 1.2
Release Date: 2005/10/22
Last Modified: 2005/10/28
Author: Tobias Klein (tk at trapkit.de)
Affected Software: phpMyAdmin (all versions <= 2.6.4-pl2)
Risk: Low
Vendor URL: http://www.phpmyadmin.net
Vendor Status: Vendor has released an updated version
=========
Overview:
=========
phpMyAdmin is a commonly used MySQL database administration tool.
Version 2.6.4-pl2 and prior contain multiple Cross Site Scripting
vulnerabilities. Successful exploitation allows an attacker to
execute arbitrary scripted content in a user's web browser in the
context of the site running phpMyAdmin.
========
Details:
========
The following scripts are vulnerable to Cross Site Scripting (GET
method):
- left.php
- queryframe.php
- server_databases.php
=================
Proof of Concept:
=================
/[dir]/left.php?lang=en-iso-8859- 1&server=1&hash=/left.php?lang=en-
iso-8859- 1&server=1&hash=">
/[dir]/queryframe.php?lang=en-iso-8859- 1&server=1&hash=
">
/[dir]/server_databases.php?lang=en-iso-8859- 1&server=1&
sort_by=db_name&sort_order=">
/[dir]/server_databases.php?lang=en-iso-8859-
1&server=1& sort_by=">
=========
Solution:
=========
Upgrade to phpMyAdmin 2.6.4-pl3 or newer.
http://www.phpmyadmin.net/home_page/downloads.php
========
History:
========
2005/10/19 - Vendor notified
2005/10/19 - Vendor response
2005/10/22 - Release of new phpMyAdmin version
========
Credits:
========
Vulnerabilities found and advisory written by Tobias Klein.
===========
References:
===========
[1] http://www.phpmyadmin.net/home_page/security.php?issue=
PMASA-2005-5
[2] http://www.trapkit.de/advisories/TKADV2005-10-001.txt
[3] http://www.securityfocus.com/bid/15196
[4] http://secunia.com/advisories/17289/
[5] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3301
========
Changes:
========
Revision 1.0 - Initial release
Revision 1.1 - Adjusted history timeline
Revision 1.2 - Added references to Secunia, BID and CVE
==================
PGP Signature Key:
==================
http://www.trapkit.de/advisories/tk-advisories-signature-key.asc
Copyright 2005 Tobias Klein. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBQ2KPUZF8YHACG4RBEQImrACfQO+eBf8ky+VA+aYPBJjFlVHdWtAAoJuy
4z2uG9/4A+LIz4C0/rmZhXuK
=Uqky
-----END PGP SIGNATURE-----