Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2022 Tenable Network Security, Inc.PHPMYADMIN_CONVCHARSET_XSS.NASL
HistoryApr 05, 2005 - 12:00 a.m.

phpMyAdmin index.php convcharset Parameter XSS

2005-04-0500:00:00
This script is Copyright (C) 2005-2022 Tenable Network Security, Inc.
www.tenable.com
12
JSON

The installed version of phpMyAdmin suffers from a cross-site scripting vulnerability due to its failure to sanitize user input to the ‘convcharset’ parameter of the ‘index.php’ script. A remote attacker may use these vulnerabilities to cause arbitrary code to be executed in a user’s browser to steal authentication cookies and the like.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(17689);
  script_version("1.20");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2005-0992");
  script_bugtraq_id(12982);

  script_name(english:"phpMyAdmin index.php convcharset Parameter XSS");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP script that is affected by a
cross-site scripting vulnerability.");
  script_set_attribute(attribute:"description", value:
"The installed version of phpMyAdmin suffers from a cross-site
scripting vulnerability due to its failure to sanitize user input to
the 'convcharset' parameter of the 'index.php' script.  A remote
attacker may use these vulnerabilities to cause arbitrary code to be
executed in a user's browser to steal authentication cookies and the
like.");
  script_set_attribute(attribute:"solution", value:
"Upgrade to phpMyAdmin 2.6.2-rc1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/04/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/05");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:phpmyadmin:phpmyadmin");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_ATTACK);
  script_family(english:"CGI abuses : XSS");

  script_copyright(english:"This script is Copyright (C) 2005-2022 Tenable Network Security, Inc.");

  script_dependencies("cross_site_scripting.nasl", "phpMyAdmin_detect.nasl");
  script_require_keys("www/phpMyAdmin", "www/PHP");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);

  exit(0);
}


include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("url_func.inc");

port = get_http_port(default:80, php:TRUE, no_xss:TRUE);

# A simple alert.
xss = "<script>alert('" + SCRIPT_NAME + "');</script>";

# Test an install.
install = get_kb_item(string("www/", port, "/phpMyAdmin"));
if (isnull(install)) exit(0);
matches = eregmatch(string:install, pattern:"^(.+) under (/.*)$");
if (!isnull(matches)) {
  dir = matches[2];
  # Try to exploit the vulnerability with our XSS.
  test_cgi_xss(port: port, cgi: "/index.php", dirs: make_list(dir),
 pass_str: xss, qs: string(
      "pma_username=&",
      "pma_password=&",
      "server=1&",
      "lang=en-iso-8859-1&",
      "convcharset=%5C%22%3E", urlencode(str:xss)
    ));
}
VendorProductVersionCPE
phpmyadminphpmyadmincpe:/a:phpmyadmin:phpmyadmin

Related

nessus 2
openvas 4
freebsd 1
gentoo 1
ubuntucve 3
debiancve 3
cve 3
cvelist 3
phpmyadmin 1
prion 2
securityvulns 1
nessus
nessus
GLSA-200504-08 : phpMyAdmin: XSS vulnerability
2005-04-12 00:00:00
FreeBSD : phpmyadmin -- XSS vulnerability (58247a96-01c8-11da-bc08-0001020eed82)
2005-08-01 00:00:00
openvas
openvas
FreeBSD Ports: phpmyadmin, phpMyAdmin
2008-09-04 00:00:00
FreeBSD Ports: phpmyadmin, phpMyAdmin
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200504-08 (phpMyAdmin)
2008-09-24 00:00:00
freebsd
freebsd
phpmyadmin -- cross site scripting vulnerability
2005-04-03 00:00:00
gentoo
gentoo
phpMyAdmin: Cross-site scripting vulnerability
2005-04-11 00:00:00
ubuntucve
ubuntucve
CVE-2005-0992
2005-05-02 00:00:00
CVE-2007-0341
2007-01-18 00:00:00
CVE-2007-6100
2007-11-23 00:00:00
debiancve
debiancve
CVE-2005-0992
2005-05-02 04:00:00
CVE-2007-6100
2007-11-23 20:46:00
CVE-2007-0341
2007-01-18 02:28:00
cve
cve
CVE-2005-0992
2005-05-02 04:00:00
CVE-2007-6100
2007-11-23 20:46:00
CVE-2007-0341
2007-01-18 02:28:00
cvelist
cvelist
CVE-2005-0992
2005-04-07 04:00:00
CVE-2007-6100
2007-11-23 20:00:00
CVE-2007-0341
2007-01-18 02:00:00
phpmyadmin
phpmyadmin
Cross-Site Scripting vulnerability
2005-04-03 00:00:00
prion
prion
Cross site scripting
2007-11-23 20:46:00
Cross site scripting
2007-01-18 02:28:00
securityvulns
securityvulns
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2007-01-12 00:00:00
JSON
Related for PHPMYADMIN_CONVCHARSET_XSS.NASL
nessus2openvas4freebsd1gentoo1ubuntucve3debiancve3cve3cvelist3phpmyadmin1prion2securityvulns1