* [sisyphus] Fwd: [SA19659] phpMyAdmin "sql_query" Cross-Site Scripting and SQL Code Execution
From: Igor Zubkov @ 2006-04-17 11:18 UTC (permalink / raw)
To: ALT Linux Sisyphus discussion list
Hi all!
Dedicated to all the "happy" owners of phpMyAdmin.
--
Звери - Игра в Себя
[-- Attachment #1.2: Secunia Security Advisories <sec-adv@secunia.com>: [SA19659] phpMyAdmin "sql_query" Cross-Site Scripting and SQL Code Execution --]
Received: (qmail 27140 invoked by uid 507); 17 Apr 2006 11:04:10 -0000
Date: 17 Apr 2006 11:04:10 -0000
Message-ID: <20060417110410.27139.qmail@secunia.com>
To: icesik@mail.ru
Subject: [SA19659] phpMyAdmin "sql_query" Cross-Site Scripting and SQL Code Execution
From: Secunia Security Advisories <sec-adv@secunia.com>
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Spam: Not detected
TITLE:
phpMyAdmin "sql_query" Cross-Site Scripting and SQL Code Execution
SECUNIA ADVISORY ID:
SA19659
VERIFY ADVISORY:
http://secunia.com/advisories/19659/
CRITICAL:
Less critical
IMPACT:
Security Bypass, Cross Site Scripting
WHERE:
From remote
SOFTWARE:
phpMyAdmin 2.x
http://secunia.com/product/1720/
phpMyAdmin 1.x
http://secunia.com/product/1719/
DESCRIPTION:
p0w3r has discovered a vulnerability in phpMyAdmin, which can be
exploited by malicious people to conduct cross-site scripting attacks
and execute arbitrary SQL code.
Input passed to the "sql_query" parameter in sql.php is not properly
sanitised before being used. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site or execute arbitrary SQL code by tricking an
administrative user into following a specially crafted link while
being logged in.
Example:
http://[host]/sql.php?lang=de-utf-8&server=1&collation_connection=utf8_general_ci&db=[database]&table=fu&goto=tbl_properties_structure.php&back=tbl_properties_structure.php&sql_query=[code]
The vulnerability has been confirmed in version 2.8.0.3 and has also
been reported in version 2.7.0-pl1. Other versions may also be
affected.
SOLUTION:
Do not visit untrusted web sites while being logged into the
administration interface.
PROVIDED AND/OR DISCOVERED BY:
p0w3r
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=icesik%40mail.ru
----------------------------------------------------------------------
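As an added illustration (not phpMyAdmin's code and not part of the advisory), the Python below reproduces the bug class the advisory describes: a "sql_query" parameter reachable by a plain GET link that is both executed and reflected into the page unescaped, beside a hardened handler that accepts the query only via POST with a per-session anti-CSRF token and HTML-escapes it before reflecting it. The host, the database name and the crafted link are constructed for the example, and the hardened handling is an assumption of the example, not a description of any phpMyAdmin release.

```python
# Added illustration of the SA19659 bug class; not phpMyAdmin code.
# The "database" is a list that records which queries would have run.
import html
import secrets
from urllib.parse import parse_qs, urlsplit

executed = []  # stand-in for the database: queries that "ran"

# Constructed link in the shape of the advisory's example: the attacker
# lures a logged-in admin into following it. sql_query decodes to
# 'DROP TABLE fu;<script>alert(1)</script>' (SQL payload + reflected XSS).
CRAFTED_LINK = (
    "http://host/sql.php?server=1&db=test"
    "&sql_query=DROP+TABLE+fu%3B%3Cscript%3Ealert%281%29%3C%2Fscript%3E"
)


def db_execute(sql):
    """Record the query instead of running it against a real server."""
    executed.append(sql)


def vulnerable_sql_php(url, logged_in=True):
    """The pattern the advisory describes: any request from a logged-in
    session, GET included, runs sql_query and echoes it back unescaped."""
    if not logged_in:
        return 401, "login required"
    params = parse_qs(urlsplit(url).query)
    query = params.get("sql_query", [""])[0]
    db_execute(query)                                  # cross-site SQL execution
    return 200, f"<p>Your SQL query: {query}</p>"      # raw reflection -> XSS


# Per-session secret; a cross-site link cannot know it (assumed session store).
SESSION = {"token": secrets.token_hex(16)}


def hardened_sql_php(method, url, form, logged_in=True):
    """Hardened handling (this example's assumption): the query is accepted
    only from a POST carrying the session's anti-CSRF token, and it is
    escaped before being reflected into the page."""
    if not logged_in:
        return 401, "login required"
    if method != "POST":
        return 405, "sql_query must be POSTed"
    if not secrets.compare_digest(form.get("token", ""), SESSION["token"]):
        return 403, "missing or wrong anti-CSRF token"
    query = form.get("sql_query", "")
    db_execute(query)
    return 200, f"<p>Your SQL query: {html.escape(query)}</p>"


if __name__ == "__main__":
    print(vulnerable_sql_php(CRAFTED_LINK))
    print(hardened_sql_php("GET", CRAFTED_LINK, {}))
    print(hardened_sql_php("POST", "http://host/sql.php",
                           {"sql_query": "SELECT 1", "token": SESSION["token"]}))
```

The token check is what a maintainer would want behind the advisory's only stated workaround (not browsing untrusted sites while logged in): with it, a link-based attack cannot run a query even when the victim is logged in, and the escaping removes the reflected XSS wherever a query is legitimately echoed back.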
* Re: [sisyphus] Fwd: [SA19659] phpMyAdmin "sql_query" Cross-Site Scripting and SQL Code Execution
From: Michael Shigorin @ 2006-04-17 12:13 UTC (permalink / raw)
To: ALT Linux Sisyphus discussion list
On Mon, Apr 17, 2006 at 02:18:29PM +0300, Igor Zubkov wrote:
> Dedicated to all the "happy" owners of phpMyAdmin.
Er, hold on. I gave up long ago on filing these into a separate archive
for when I might do an update, so I was only forwarding them here
as an example. That kind of "happiness" comes monthly there.
The .htaccess in the package is there for a reason.
--
---- WBR, Michael Shigorin <mike@altlinux.ru>
------ Linux.Kiev http://www.linux.kiev.ua/
* Re: [sisyphus] Fwd: [SA19659] phpMyAdmin "sql_query" Cross-Site Scripting and SQL Code Execution
From: Ivan Adzhubey @ 2006-04-17 15:19 UTC (permalink / raw)
To: ALT Linux Sisyphus discussion list
On Monday 17 April 2006 08:13, Michael Shigorin wrote:
> On Mon, Apr 17, 2006 at 02:18:29PM +0300, Igor Zubkov wrote:
> > Dedicated to all the "happy" owners of phpMyAdmin.
>
> Er, hold on. I gave up long ago on filing these into a separate archive
> for when I might do an update, so I was only forwarding them here
> as an example. That kind of "happiness" comes monthly there.
>
> The .htaccess in the package is there for a reason.
I never make any remote management interfaces for anything on a server (all the
more so web-based ones) accessible from outside at all. Localhost only, and if
access from the Internet is needed, then ssh + port forwarding, with
authentication/encryption of the traffic handled by ssh. I see no reason to single
out phpMyAdmin security-wise; there are holes everywhere.
--
Ivan
* Re: [sisyphus] Fwd: [SA19659] phpMyAdmin "sql_query" Cross-Site Scripting and SQL Code Execution
From: Anton Gorlov @ 2006-04-17 17:34 UTC (permalink / raw)
To: ALT Linux Sisyphus discussion list
Igor Zubkov writes:
> Dedicated to all the "happy" owners of phpMyAdmin.
Well, don't go exposing it to the outside then.
--
np: Amon Amarth - An Ancient Sign Of Coming Storm
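As an added example (not from the thread), the Python below checks the advice given above, that admin web interfaces should listen on localhost only and be reached over an ssh tunnel such as `ssh -L 8080:127.0.0.1:80 server`, against what a host actually listens on. It parses the column layout of `ss -ltn` output and flags admin-UI ports bound to anything other than a loopback address. The sample output and the set of ports treated as admin-UI ports are constructed assumptions of this example.

```python
# Added example: audit listening sockets for admin web UIs exposed beyond
# loopback. Not from the thread; input layout follows `ss -ltn`.
import ipaddress

# Assumption: ports on which a web admin UI such as phpMyAdmin may be served.
ADMIN_PORTS = {80, 443, 8080}

# Constructed sample in the column layout of `ss -ltn` (not a real capture).
SAMPLE_SS_OUTPUT = """State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     127.0.0.1:80         0.0.0.0:*
LISTEN  0       128     0.0.0.0:8080         0.0.0.0:*
LISTEN  0       128     [::1]:443            [::]:*
LISTEN  0       128     *:22                 *:*
"""


def parse_listeners(ss_output):
    """Return (local_address, port) pairs from `ss -ltn` style output."""
    listeners = []
    for line in ss_output.splitlines()[1:]:        # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # last ':' separates the port
        listeners.append((addr.strip("[]"), int(port)))
    return listeners


def is_loopback(addr):
    """True only for a concrete loopback address; '*' and wildcards are not."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:                             # '*', '', or garbage
        return False


def exposed_admin_listeners(ss_output, admin_ports=ADMIN_PORTS):
    """Admin-UI ports bound to a non-loopback address, i.e. reachable from
    outside without an ssh tunnel."""
    return [(addr, port) for addr, port in parse_listeners(ss_output)
            if port in admin_ports and not is_loopback(addr)]


if __name__ == "__main__":
    for addr, port in exposed_admin_listeners(SAMPLE_SS_OUTPUT):
        print(f"exposed admin listener: {addr}:{port}")
```

On a real host, feed it `ss -ltn` output (`subprocess.run(["ss", "-ltn"], capture_output=True, text=True).stdout`); an empty result means every admin-UI port is loopback-only, and the interface is reachable only through the tunnel.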
Thread overview: 6+ messages
2006-04-17 11:18 [sisyphus] Fwd: [SA19659] phpMyAdmin "sql_query" Cross-Site Scripting and SQL Code Execution Igor Zubkov
2006-04-17 12:13 ` Michael Shigorin
2006-04-17 15:19 ` Ivan Adzhubey
2006-04-17 17:34 ` Anton Gorlov
2006-04-17 18:23 ` Igor Zubkov
2006-04-17 19:43 ` Anton Gorlov