Bug 130293

Summary:	dev-db/phpmyadmin XSS and SQL issues
Product:	Gentoo Security	Reporter:	Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	web-apps
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://secunia.com/advisories/19659/
Whiteboard:	B3 [] DerCorny
Package list:		Runtime testing required:	---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-04-17 13:10:19 UTC

Description:
p0w3r has discovered a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks and execute arbitrary SQL code.
 
 Input passed to the "sql_query" parameter in sql.php is not properly sanitised before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site or execute arbitrary SQL code by tricking an administrative user into following a specially crafted link while being logged in.
 
 Example:
 http://[host]/sql.php?lang=de-utf-8&server=1&collation_connection=utf8_general_ci&db=[database]&table=fu&goto=tbl_properties_structure.php&back=tbl_properties_structure.php&sql_query=[code]
 
 The vulnerability has been confirmed in version 2.8.0.3 and has also been reported in version 2.7.0-pl1. Other versions may also be affected.

Solution:
Do not visit untrusted web sites while being logged into the administration interface.

Provided and/or discovered by:
p0w3r

Comment 1 Stefan Cornelius (RETIRED) gentoo-dev

2006-04-19 08:44:13 UTC

web-apps, please provide fixed ebuilds, thank you

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-04-20 09:19:26 UTC

Handling stable marking on bug #129850

Comment 3 Stefan Cornelius (RETIRED) gentoo-dev

2006-04-30 05:58:50 UTC

for the glsa-vote see bug #129850 - closing without glsa