ALT Linux Sisyphus discussions
 help / color / mirror / Atom feed
* [sisyphus] Fwd: [SA19659] phpMyAdmin "sql_query" Cross-Site Scripting and SQL Code Execution
@ 2006-04-17 11:18 Igor Zubkov
  2006-04-17 12:13 ` Michael Shigorin
  2006-04-17 17:34 ` Anton Gorlov
  0 siblings, 2 replies; 6+ messages in thread
From: Igor Zubkov @ 2006-04-17 11:18 UTC (permalink / raw)
  To: ALT Linux Sisyphus discussion list


[-- Attachment #1.1: Type: text/plain, Size: 94 bytes --]

Привет, Всем!

Всем "счастливым" обладателям phpMyAdmin посвящается.

-- 
Звери - Игра в Себя

[-- Attachment #1.2: Secunia Security Advisories <sec-adv@secunia.com>: [SA19659] phpMyAdmin "sql_query" Cross-Site Scripting and SQL Code Execution --]
[-- Type: message/rfc822, Size: 3132 bytes --]


enied by domain of secunia.com) client-ip=3D213.150.41.240; envelope-from=
=3Dca@secunia.com; helo=3Dsecunia.com;
Received: (qmail 27140 invoked by uid 507); 17 Apr 2006 11:04:10 -0000
Date: 17 Apr 2006 11:04:10 -0000
Message-ID: <20060417110410.27139.qmail@secunia.com>
To: icesik@mail.ru
Subject: [SA19659] phpMyAdmin "sql_query" Cross-Site Scripting and SQL Code=
 Execution
=46rom: Secunia Security Advisories <sec-adv@secunia.com>
Content-Type: text/plain;
  charset=3D"US-ASCII"
Content-Transfer-Encoding: 7bit
X-Spam: Not detected


TITLE:
phpMyAdmin "sql_query" Cross-Site Scripting and SQL Code Execution

SECUNIA ADVISORY ID:
SA19659

VERIFY ADVISORY:
http://secunia.com/advisories/19659/

CRITICAL:
Less critical

IMPACT:
Security Bypass, Cross Site Scripting

WHERE:
=46rom remote

SOFTWARE:
phpMyAdmin 2.x
http://secunia.com/product/1720/
phpMyAdmin 1.x
http://secunia.com/product/1719/

DESCRIPTION:
p0w3r has discovered a vulnerability in phpMyAdmin, which can be
exploited by malicious people to conduct cross-site scripting attacks
and execute arbitrary SQL code.

Input passed to the "sql_query" parameter in sql.php is not properly
sanitised before being used. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site or execute arbitrary SQL code by tricking an
administrative user into following a specially crafted link while
being logged in.

Example:
http://[host]/sql.php?lang=3Dde-utf-8&server=3D1&collation_connection=3Dutf=
8_general_ci&db=3D[database]&table=3Dfu&goto=3Dtbl_properties_structure.php=
&back=3Dtbl_properties_structure.php&sql_query=3D[code]

The vulnerability has been confirmed in version 2.8.0.3 and has also
been reported in version 2.7.0-pl1. Other versions may also be
affected.

SOLUTION:
Do not visit untrusted web sites while being logged into the
administration interface.

PROVIDED AND/OR DISCOVERED BY:
p0w3r

=2D---------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

=2D---------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=3Dicesik%40mail.ru

=2D---------------------------------------------------------------------


[-- Attachment #2: Type: application/pgp-signature, Size: 191 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2006-04-17 19:43 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2006-04-17 11:18 [sisyphus] Fwd: [SA19659] phpMyAdmin "sql_query" Cross-Site Scripting and SQL Code Execution Igor Zubkov
2006-04-17 12:13 ` Michael Shigorin
2006-04-17 15:19   ` Ivan Adzhubey
2006-04-17 17:34 ` Anton Gorlov
2006-04-17 18:23   ` Igor Zubkov
2006-04-17 19:43     ` Anton Gorlov

ALT Linux Sisyphus discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/sisyphus/0 sisyphus/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 sisyphus sisyphus/ http://lore.altlinux.org/sisyphus \
		sisyphus@altlinux.ru sisyphus@altlinux.org sisyphus@lists.altlinux.org sisyphus@lists.altlinux.ru sisyphus@lists.altlinux.com sisyphus@linuxteam.iplabs.ru sisyphus@list.linux-os.ru
	public-inbox-index sisyphus

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.sisyphus


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git