NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Secunia Advisories> 2003-q2

[sec-adv] phpMyAdmin Cross Site Scripting

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Thu Jun 19 2003 - 06:04:12 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
phpMyAdmin Cross Site Scripting

READ ONLINE:
http://www.secunia.com/advisories/9076/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting, Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
phpMyAdmin 2.x
phpMyAdmin 1.x

DESCRIPTION:
Multiple vulnerabilities has been identified in phpMyAdmin allowing
malicious people to conduct Cross Site Scripting.

The problem is that multiple scripts don't verify user input. This
allows malicious characters to be returned to the user, which can be
exploited to conduct a Cross Site Scripting attack.

Vulnerable scripts:

sql.php / sql.php3
pdf_schema.php
pdf_pages.php
ldi_table.php
mult_submits.inc.php
db_datadict.php
db_printview.php
read_dump.php

phpMyAdmin uses cookies with the username and password in plain text
to verify authenticated users. This is an insecure method.

Furthermore, a directory traversal vulnerability has been identified
in:
/db_details_importdocsql.php?submit_show=true&do=import&docpath=../../../

This has been reported to affect all versions including the latest
2.5.1 and 2.5.2-dev

SOLUTION:
Edit the source code to filter or validate user input, before it is
returned to the user.

Alternatively, you may install phpMyAdmin at a different
non-predictable location. This makes Cross Site Scripting more
difficult but does not eliminate the threat.

Use .htaccess to protect access to phpMyAdmin, as it is more secure
than the implemented cookie authentication.

REPORTED BY / CREDITS:
Lorenzo Hernandez Garcia-Hierro

ORIGINAL ADVISORY:
http://security.novappc.com/more.php?id=7_0_1_0_M

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]