==========================================================
Title: phpMyAdmin Cross-site Scripting Vulnerability

Application: phpMyAdmin
Vendor: http://www.phpmyadmin.net
Vulnerable Versions: <=2.6.2-beta1
Corrected: phpMyAdmin versions after 2.6.2-beta1
Bug: Cross-site Scripting
Date: 3-Apr-2005
Author: Oriol Torrent Santiago <oriol.torrent@gmail.com>
==========================================================

1) Background
-----------
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and is available in 47 languages.

2) Problem description
--------------------
phpMyAdmin <=2.6.2-beta1 contains a vulnerability caused by missing validation of input supplied to the "convcharset" variable. This can be exploited to execute arbitrary HTML and script code (JavaScript, VBScript, etc.) in a user's browser session in the context of a vulnerable site. It allows an attacker to use the vulnerability to compromise the phpMyAdmin account, cookie theft, etc.

Ex1:
http://host/phpmyadmin/index.php?pma_username=&pma_password=&server=1&lang=en-iso-8859-1&convcharset=\"><script>alert(document.cookie)</script>

Ex2:
http://host/phpmyadmin/index.php?pma_username=&pma_password=&server=1&lang=en-iso-8859-1&convcharset=\"><h1>XSS</h1>

3) Solution:
---------
Vendor was contacted on the 29th of March 2005 and a new version is released.
Download the latest version of phpMyAdmin.

4) Timeline
--------
29/03/2005 Bug discovered
29/03/2005 Vendor notified
29/03/2005 Vendor response and bug fixed
03/04/2005 New version released
03/04/2005 Advisory released
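An added example, not part of the advisory or of phpMyAdmin's code: a log check an administrator could run while waiting for the fixed package, flagging requests whose `convcharset` parameter is not a plain charset label. The allowed-character pattern, the function names and the sample log lines are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate convcharset value is a plain charset label
# such as "iso-8859-1" or "utf-8" (letters, digits, '.', '_', '-').
CHARSET_LABEL = re.compile(r"[A-Za-z0-9._-]{1,40}")

# Request field of a Common Log Format line: "METHOD target PROTOCOL"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_convcharset(target):
    """Return the decoded convcharset values in a request target that are
    not plain charset labels (empty list when all are well-formed)."""
    query = urlsplit(target).query
    # parse_qs percent-decodes values, so encoded and raw markup are
    # judged alike; blank values are dropped by default.
    values = parse_qs(query).get("convcharset", [])
    return [v for v in values if not CHARSET_LABEL.fullmatch(v)]


def scan(lines):
    """Yield (line_number, bad_values) for log lines that fail the check."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        bad = suspicious_convcharset(match.group(1))
        if bad:
            yield number, bad


# Constructed sample log lines (not taken from a real server); the second
# carries the advisory's Ex2 value in percent-encoded form.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Apr/2005:10:00:01 +0000] "GET /phpmyadmin/index.php'
    '?server=1&lang=en-iso-8859-1&convcharset=iso-8859-1 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [03/Apr/2005:10:00:07 +0000] "GET /phpmyadmin/index.php'
    '?server=1&convcharset=%5C%22%3E%3Ch1%3EXSS%3C/h1%3E HTTP/1.1" 200 5177',
    '192.0.2.12 - - [03/Apr/2005:10:00:09 +0000] "GET /phpmyadmin/main.php'
    '?server=1 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, bad in scan(SAMPLE_LOG):
        print(f"line {number}: unexpected convcharset value(s): {bad!r}")
```

A hit only shows that a crafted link was requested; it does not show whether script ran in a logged-in user's browser.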
twp, please bump.
Created attachment 55674
phpMyAdmin 2.6.2-rc1 ebuild patch

Someone please bump. ;-)
> Someone please bump. ;-)

sure. Stable on x86. CC'd archs please stabilize.
Stable on ppc.
Alpha stable.
Stable on hppa.
sparc stable.
amd64 done
Security please vote on GLSA need
We issued a Low GLSA for previous XSS things in phpmyadmin (200411-36), and phpmyadmin team finds the issue serious, so I think we should do one. so YES
I vote YES as well. 2 YES votes == A GLSA will be released for this issue.
GLSA 200504-08