Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Adminware, Control Panels :: c07-2561.htm

phpmyadmin >=2.8.0 and < 2.10.0 XSS

xss in phpmyadmin >=2.8.0 and < 2.10.0
xss in phpmyadmin >=2.8.0 and < 2.10.0

This xss (with xsrf possibility) works only when logged in, but since in many places anonymous logins are allowed and many webhost companies offer just 1 or few phpmyadmins for a large number of users, i consider it worth to be published.

Theoretically it is possible to obtain and use the cookie and token variables (which are necessary to get this XSS working) but i haven't made a working poc atm, but i'm sure  others will have the capability to do so.

The problem is bad filtering of $db and $table where they only check for (lowercase) -tag and not for the (uppercase)-tag to break out of the javascript.

More details can be found in an advisory found here: 

possible attack strings could look like:$token&db/table=';[XSS]$token&db/table=[HTML] 

in each case if you're running phpmyadmin <= 2.9 it's wise to update, stefan esser has even used phpmyadmin as an example in one of the bugs he found and reported in (his) mopb over a week ago( and 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH