what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Hardened-PHP Project Security Advisory 2006-12.137

Hardened-PHP Project Security Advisory 2006-12.137
Posted Nov 6, 2006
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

Hardened-PHP Project Security Advisory - phpMyAdmin versions 2.9.0.2 and below suffer from a cross site scripting vulnerability in error.php.

tags | advisory, php, xss
SHA-256 | 1bae322ca8783399c8a21d7d7775c5260943a18a3e1112ed3866646ec425d742

Hardened-PHP Project Security Advisory 2006-12.137

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hardened-PHP Project
www.hardened-php.net

-= Security Advisory =-


Advisory: phpMyAdmin - error.php XSS Vulnerability
Release Date: 2006/11/02
Last Modified: 2006/11/02
Author: Stefan Esser [sesser@hardened-php.net]

Application: phpMyAdmin <= 2.9.0.2
Severity: XSS vulnerability in an error displaying script
Risk: Medium Critical
Vendor Status: Vendor has a released an updated version
References: http://www.hardened-php.net/advisory_122006.137.html


Overview:

Quote from http://www.phpmyadmin.net
"phpMyAdmin is a tool written in PHP intended to handle the
administration of MySQL over the Web. Currently it can create and
drop databases, create/drop/alter tables, delete/edit/add fields,
execute any SQL statement, manage keys on fields, manage privileges,
export data into various formats and is available in 50 languages."

It was discovered that phpMyAdmin comes with a script to display
error messages that supports displaying the error in a user supplied
charset. Unfortunately the encoding of the error message is not
taking the charset into account which can result into XSS when UTF-7
is selected. (Other charsets like US-ASCII can also be used to
exploit this in some browsers.)

To trigger this XSS vulnerability an attacker just needs to call
the error displaying script with charset=utf-7 and utf-7 encoded
HTML tags in the error message.


Proof of Concept:

The Hardened-PHP Project is not going to release exploits for
this vulnerability to the public.


Disclosure Timeline:

18. October 2006 - Contacted phpMyAdmin developers by email
01. November 2006 - Updated phpMyAdmin was released
02. November 2006 - Public Disclosure


Recommendation:

It is strongly recommended to upgrade to the newest version of
phpMyAdmin 2.9.0.3 which you can download at:

http://www.phpmyadmin.net/home_page/downloads.php


GPG-Key:

http://www.hardened-php.net/hardened-php-signature-key.asc

pub 1024D/0A864AA1 2004-04-17 Hardened-PHP Signature Key
Key fingerprint = 066F A6D0 E57E 9936 9082 7E52 4439 14CC 0A86 4AA1


Copyright 2006 Stefan Esser. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFFSbPtRDkUzAqGSqERAkcTAJ49t9pfmuBAyvk0UcHuhZe/6cu48gCgp3ea
HoIvssTE/gfvQyAY3BcOhwQ=
=70mU
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close