Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability announce 8832

phpMyAdmin: Cross Site Scripting of db

Synthesis of the vulnerability

An attacker can use the db parameter to generate a Cross Site Scripting in phpMyAdmin.
Severity: 2/4.
Creation date: 01/07/2009.

Impacted products

Description of the vulnerability

The phpMyAdmin server is used to administer a MySQL database via a web browser.

The "db" parameter indicates the name of the database. This parameter is checked by phpMyAdmin. However, this check is bypassed if "db" starts with a double escape such as :
  ">'>

An attacker can therefore use the db parameter to generate a Cross Site Scripting in phpMyAdmin.

Share this bulletin

Delicious Digg Facebook Google bookmarks LinkedIn Mail Reddit StumbleUpon Technorati Twitter Yahoo 

Complete Vigil@nce bulletin

phpMyAdmin: Cross Site Scripting of db

Characteristics

Title: phpMyAdmin: Cross Site Scripting of db.
Keywords: Cross MySQL Scripting Site phpMyAdmin.
Identifiers: BID-35531, VIGILANCE-VUL-8832.

Supplements

Attack

Exploit 0day or proof of concept

Computer vulnerabilities tracking service

Vigil@nce provides a computers vulnerabilities patch. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce vulnerability database contains several thousand vulnerabilities.



















Copyright 1999-2012 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française