phpMyAdmin select_server.lib.php Multiple Variable XSS

2005-02-24T08:27:54
ID OSVDB:14096
Type osvdb
Reporter Maksymilian Arciemowicz(max@jestsuper.pl)
Modified 2005-02-24T08:27:54

Description

Vulnerability Description

phpMyAdmin contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate multiple variables upon submission to the select_server.lib.php script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 2.6.1-pl1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[victim]/[DIR]/libraries/select_server.lib.php?cfg[Servers][cXIb8O3]=toja&cfg[Servers][sp3x]=toty&show_server_left=MyToMy&strServer=[XSS%20code]

http://[victim]/[DIR]/libraries/select_server.lib.php?cfg[Servers][cXIb8O3]=toja&cfg[Servers][sp3x]=toty&cfg[BgcolorOne]=777777%22%3E%3CH1%3E[XSS%20code]

http://[victim]/[DIR]/libraries/select_server.lib.php?cfg[Servers][cXIb8O3]=toja&cfg[Servers][sp3x]=toty&strServerChoice=%3CH1%3EXSS
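
As an added example (not part of this OSVDB record or of phpMyAdmin's own code), the following Python script scans web-server access logs for requests of the shape shown above: direct hits on libraries/select_server.lib.php, cfg[...] parameters supplied by the client, and HTML metacharacters in any parameter value after URL decoding. The log lines are constructed for this example, and the combined log format, the regular expression and the finding labels are assumptions, not anything taken from phpMyAdmin or the advisory.

```python
"""Detection example: flag requests that try to inject markup into
phpMyAdmin's select_server.lib.php through query-string parameters.

Added here as illustration; not part of the OSVDB record or of phpMyAdmin.
The sample log lines are constructed, not captured from a real server.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines in Apache "combined" log format.  Addresses and
# paths are placeholders; the query strings follow the patterns in the
# advisory's Manual Testing Notes.
SAMPLE_LOG = """\
192.0.2.10 - - [24/Feb/2005:08:27:54 +0000] "GET /phpMyAdmin/libraries/select_server.lib.php?cfg[Servers][cXIb8O3]=toja&cfg[Servers][sp3x]=toty&strServerChoice=%3CH1%3EXSS HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.11 - - [24/Feb/2005:08:28:01 +0000] "GET /phpMyAdmin/index.php?server=1 HTTP/1.1" 200 9821 "-" "Mozilla/5.0"
192.0.2.12 - - [24/Feb/2005:08:28:07 +0000] "GET /phpMyAdmin/libraries/select_server.lib.php?cfg[Servers][x]=a&cfg[BgcolorOne]=777777%22%3E%3CH1%3Ehi HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.13 - - [24/Feb/2005:08:28:09 +0000] "GET /phpMyAdmin/libraries/select_server.lib.php?strServer=%3CH1%3Etest HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser (assumed format): client IP, timestamp,
# request line, status code.  Enough for this example; not a full parser.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# The script named in the advisory.  Files under libraries/ are meant to be
# included by phpMyAdmin's front-end scripts, so a direct request is itself
# worth noting.
TARGET_SCRIPT = "select_server.lib.php"

# Characters that should never appear in these parameters once decoded;
# their presence means the value is being used to break out of HTML.
MARKUP_CHARS = re.compile(r'[<>"\']')


def analyze_request(url):
    """Return a list of human-readable findings for one request URL.

    An empty list means the request did not touch the affected script or
    showed none of the advisory's patterns.
    """
    parts = urlsplit(url)
    if not parts.path.endswith(TARGET_SCRIPT):
        return []

    findings = ["direct request to libraries/ include file"]
    # parse_qsl percent-decodes both names and values, so the comparison
    # below sees "<H1>" rather than "%3CH1%3E".
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.startswith("cfg["):
            # $cfg is server-side configuration; a client must never set it.
            findings.append(f"client-supplied config override: {name}")
        if MARKUP_CHARS.search(value):
            findings.append(f"markup in parameter {name}: {value!r}")
    return findings


def scan_log(text):
    """Parse combined-format log lines; return (ip, url, findings) per hit."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than guess
        findings = analyze_request(m.group("url"))
        if findings:
            hits.append((m.group("ip"), m.group("url"), findings))
    return hits


if __name__ == "__main__":
    for ip, url, findings in scan_log(SAMPLE_LOG):
        print(f"{ip} {url}")
        for f in findings:
            print(f"    - {f}")
```

Only the three requests that hit select_server.lib.php are reported; the ordinary index.php request is ignored. In practice the same logic belongs in a WAF rule or a log-pipeline filter, and the cfg[...] check is the more durable of the two: it does not depend on which characters the attacker encodes, only on a parameter name that should never arrive from a browser.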

References:

Vendor URL: http://www.phpmyadmin.net/
Vendor Specific Advisory URL
Secunia Advisory ID: 14469
Secunia Advisory ID: 14382
Related OSVDB IDs: 14094, 14095, 14097, 14098, 14099, 14100, 14101
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200503-07.xml
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-02/0437.html
ISS X-Force ID: 19462
CVE ID: CVE-2005-0543
Bugtraq ID: 12644