|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
about phpMyAdmin setup.php XSS vulnerability
From: Marc Delisle (Marc.Delisle
cegepsherbrooke.qc.ca)
Date: Mon Oct 15 2007 - 18:10:12 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
phpMyAdmin version 2.11.1.1 was released to fix this, along with a
security announcement:
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-5
which contains a mitigating factor:
"We could only trigger it when using Internet Explorer with the 'send
URLs as UTF8' setting disabled. The default value of this setting being
'enabled' reduces the impact of this problem."
For distros who prefer a small patch:
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/scripts/setup.php?r1=10637&r2=10748&view=patch
Marc Delisle, for the team
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]