phpFriendlyAdmin Multiple Unspecified XSS

2003-11-20T06:14:31
ID OSVDB:2837
Type osvdb
Reporter OSVDB
Modified 2003-11-20T06:14:31

Description

Vulnerability Description

phpFriendlyAdmin contains a flaw that allows a remote cross-site scripting attack. This could allow an attacker to send a specially crafted request that redirects a user to a URL which would capture the authentication cookies for any active phpFriendlyAdmin session. No further details of this flaw are available.

Technical Description

The vendor has not provided technical details on where the vulnerabilities exist or what conditions are required for successful exploitation.

Solution Description

Upgrade to version 1.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required because the vendor has not disclosed which segments of code were vulnerable or provided a workaround.

References:

Vendor Specific Solution URL: http://phpfriendly.sourceforge.net/download/index.php
Vendor Specific Advisory URL
Secunia Advisory ID: 10268
ISS X-Force ID: 13794
Bugtraq ID: 9075