From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <icesik@mail.ru>
From: Igor Zubkov <icesik@mail.ru>
Organization: ALTLinux Team
To: ALT Linux Sisyphus discussion list <sisyphus@lists.altlinux.org>
Date: Mon, 17 Apr 2006 14:18:29 +0300
User-Agent: KMail/1.9.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart1177259.K5lWgJh7Nc";
	protocol="application/pgp-signature"; micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200604171418.33283.icesik@mail.ru>
Subject: [sisyphus] Fwd: [SA19659] phpMyAdmin "sql_query" Cross-Site
	Scripting and SQL Code Execution
X-BeenThere: sisyphus@lists.altlinux.org
X-Mailman-Version: 2.1.7
Precedence: list
Reply-To: ALT Linux Sisyphus discussion list <sisyphus@lists.altlinux.org>
List-Id: ALT Linux Sisyphus discussion list <sisyphus.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus>,
	<mailto:sisyphus-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sisyphus>
List-Post: <mailto:sisyphus@lists.altlinux.org>
List-Help: <mailto:sisyphus-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus>,
	<mailto:sisyphus-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Apr 2006 11:18:50 -0000
Archived-At: <http://lore.altlinux.org/sisyphus/200604171418.33283.icesik@mail.ru/>
List-Archive: <http://lore.altlinux.org/sisyphus/>
List-Post: <mailto:sisyphus@altlinux.ru>

--nextPart1177259.K5lWgJh7Nc
Content-Type: multipart/mixed;
  boundary="Boundary-01=_Fm3QE3PJVHR2OcC"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--Boundary-01=_Fm3QE3PJVHR2OcC
Content-Type: text/plain;
  charset="koi8-r"
Content-Transfer-Encoding: base64
Content-Disposition: inline

8NLJ18XULCD308XNIQoK99PFzSAi097B09TMydfZzSIgz8LMwcTB1MXM0c0gcGhwTXlBZG1pbiDQ
z9PX0d3BxdTT0S4KCi0tIAr618XSySAtIOnH0sEg1yDzxcLRCg==

--Boundary-01=_Fm3QE3PJVHR2OcC
Content-Type: message/rfc822;
  name="forwarded message"
Content-Transfer-Encoding: quoted-printable
Content-Description: Secunia Security Advisories <sec-adv@secunia.com>:
	[SA19659] phpMyAdmin "sql_query" Cross-Site Scripting and SQL
	Code Execution
Content-Disposition: inline

Return-path: <ca@secunia.com>
Received: from [213.150.41.240] (port=3D46524 helo=3Dsecunia.com)
	by mx19.mail.ru with esmtp=20 id 1FVRX3-000GL6-00
	for icesik@mail.ru; Mon, 17 Apr 2006 15:04:37 +0400
Received-SPF: none (mx19.mail.ru: 213.150.41.240 is neither permitted nor d=

enied by domain of secunia.com) client-ip=3D213.150.41.240; envelope-from=
=3Dca@secunia.com; helo=3Dsecunia.com;
Received: (qmail 27140 invoked by uid 507); 17 Apr 2006 11:04:10 -0000
Date: 17 Apr 2006 11:04:10 -0000
Message-ID: <20060417110410.27139.qmail@secunia.com>
To: icesik@mail.ru
Subject: [SA19659] phpMyAdmin "sql_query" Cross-Site Scripting and SQL Code=
 Execution
=46rom: Secunia Security Advisories <sec-adv@secunia.com>
Content-Type: text/plain;
  charset=3D"US-ASCII"
Content-Transfer-Encoding: 7bit
X-Spam: Not detected


TITLE:
phpMyAdmin "sql_query" Cross-Site Scripting and SQL Code Execution

SECUNIA ADVISORY ID:
SA19659

VERIFY ADVISORY:
http://secunia.com/advisories/19659/

CRITICAL:
Less critical

IMPACT:
Security Bypass, Cross Site Scripting

WHERE:
=46rom remote

SOFTWARE:
phpMyAdmin 2.x
http://secunia.com/product/1720/
phpMyAdmin 1.x
http://secunia.com/product/1719/

DESCRIPTION:
p0w3r has discovered a vulnerability in phpMyAdmin, which can be
exploited by malicious people to conduct cross-site scripting attacks
and execute arbitrary SQL code.

Input passed to the "sql_query" parameter in sql.php is not properly
sanitised before being used. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site or execute arbitrary SQL code by tricking an
administrative user into following a specially crafted link while
being logged in.

Example:
http://[host]/sql.php?lang=3Dde-utf-8&server=3D1&collation_connection=3Dutf=
8_general_ci&db=3D[database]&table=3Dfu&goto=3Dtbl_properties_structure.php=
&back=3Dtbl_properties_structure.php&sql_query=3D[code]

The vulnerability has been confirmed in version 2.8.0.3 and has also
been reported in version 2.7.0-pl1. Other versions may also be
affected.

SOLUTION:
Do not visit untrusted web sites while being logged into the
administration interface.

PROVIDED AND/OR DISCOVERED BY:
p0w3r

=2D---------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

=2D---------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=3Dicesik%40mail.ru

=2D---------------------------------------------------------------------


--Boundary-01=_Fm3QE3PJVHR2OcC--

--nextPart1177259.K5lWgJh7Nc
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQBEQ3mJOBELD6yTwyQRAg1qAJ92+kArUJeJSsy0faykqd0d5gK9iACfR+dt
xB5xnq7BJ1sVBTNnn7ISDbc=
=4Jeq
-----END PGP SIGNATURE-----

--nextPart1177259.K5lWgJh7Nc--