AOH :: HP Unsorted A :: TB13001.HTM

about phpMyAdmin setup.php XSS vulnerability



about phpMyAdmin setup.php XSS vulnerability
about phpMyAdmin setup.php XSS vulnerability



Hi,

phpMyAdmin version 2.11.1.1 was released to fix this, along with a 
security announcement: 
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-5 

which contains a mitigating factor:

"We could only trigger it when using Internet Explorer with the 'send 
URLs as UTF8' setting disabled. The default value of this setting being 
'enabled' reduces the impact of this problem."

For distros who prefer a small patch:
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/scripts/setup.php?r1=10637&r2=10748&view=patch 

Marc Delisle, for the team

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.