Vigil@nce: phpMyAdmin, several Cross Site Scripting
August 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use multiple features to generate several Cross Site Scripting in phpMyAdmin.
Severity: 2/4
Creation date: 23/08/2010
DESCRIPTION OF THE VULNERABILITY
The phpMyAdmin server is used to administer a MySQL database via a web browser.
Several pages do not correctly check data passed via the URL:
"field_str" parameter to db_search.php
"delimiter" parameter to db_sql.php
"sort" parameter to db_structure.php
"db" parameter to js/messages.php
"sort_by" parameter to server_databases.php
"checkprivs", "dbname", "pred_tablename", "selected_usr[]", "tablename", and "username" parameters to server_privileges.php
"DefaultLang" parameter to setup/config.php
"cpurge", "goto", "purge", "purgekey", "table", and "zero_rows" parameters to sql.php
"fields[multi_edit][]" parameter to tbl_replace.php
An attacker can therefore use multiple features to generate several Cross Site Scripting in phpMyAdmin.
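The page-to-parameter list above is directly usable as a detection rule. The following script, added here as an example and not part of the Vigil@nce bulletin or of phpMyAdmin, parses Apache/nginx combined-format access log lines (the sample lines are constructed), maps each request to one of the affected pages, and flags any of the listed parameters whose URL-decoded value contains HTML markup, an event-handler attribute or a javascript: URI. Values are decoded a second time so that double-encoded input is not missed. The AFFECTED map, the MARKUP pattern and the log format are assumptions made for this example; the page names and parameter names come from the bulletin.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Page -> parameters named in the bulletin (mapping built here from the bulletin text)
AFFECTED = {
    "db_search.php": {"field_str"},
    "db_sql.php": {"delimiter"},
    "db_structure.php": {"sort"},
    "js/messages.php": {"db"},
    "server_databases.php": {"sort_by"},
    "server_privileges.php": {"checkprivs", "dbname", "pred_tablename",
                              "selected_usr[]", "tablename", "username"},
    "setup/config.php": {"DefaultLang"},
    "sql.php": {"cpurge", "goto", "purge", "purgekey", "table", "zero_rows"},
    "tbl_replace.php": {"fields[multi_edit][]"},
}

# Markup that has no business in these parameters: an opening/closing tag,
# an on*= event handler, or a javascript: URI (assumed heuristic for this example)
MARKUP = re.compile(r"<\s*/?\s*[a-z]|\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE)

# Combined log format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def page_of(path: str) -> Optional[str]:
    """Map a request path to an affected phpMyAdmin page, regardless of the install prefix."""
    for page in sorted(AFFECTED, key=len, reverse=True):
        if path == "/" + page or path.endswith("/" + page):
            return page
    return None


def inspect_request(target: str):
    """Return (page, parameter, decoded value) triples whose value looks like injected markup."""
    parts = urlsplit(target)
    page = page_of(parts.path)
    if page is None:
        return []
    findings = []
    # parse_qs URL-decodes both names (so "fields%5Bmulti_edit%5D%5B%5D" matches) and values
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in AFFECTED[page]:
            continue
        for value in values:
            decoded = unquote(value)  # second decode catches double-encoded input
            if MARKUP.search(decoded):
                findings.append((page, name, decoded))
    return findings


def scan_log(lines):
    """Run inspect_request over each parseable log line and collect the hits."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        for page, name, value in inspect_request(m.group("target")):
            hits.append({"ip": m.group("ip"), "time": m.group("ts"),
                         "page": page, "param": name, "value": value})
    return hits


# Constructed sample log lines for demonstration; not real traffic
SAMPLE_LOG = [
    '10.0.0.5 - - [23/Aug/2010:10:01:12 +0200] "GET /phpmyadmin/db_search.php?db=shop&field_str=price HTTP/1.1" 200 5120',
    '10.0.0.9 - - [23/Aug/2010:10:02:03 +0200] "GET /phpmyadmin/db_search.php?db=shop&field_str=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5200',
    '10.0.0.9 - - [23/Aug/2010:10:02:41 +0200] "GET /phpmyadmin/sql.php?db=shop&table=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 4800',
    '10.0.0.9 - - [23/Aug/2010:10:03:15 +0200] "GET /phpmyadmin/tbl_replace.php?db=shop&fields%5Bmulti_edit%5D%5B%5D=%3Cb%3Ex HTTP/1.1" 200 4100',
    '10.0.0.5 - - [23/Aug/2010:10:04:00 +0200] "GET /phpmyadmin/index.php?db=%3Cscript%3E HTTP/1.1" 200 3000',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["ip"]} {hit["time"]} {hit["page"]} {hit["param"]}={hit["value"]!r}')
```

The last sample line is deliberately ignored: index.php is not on the bulletin's list, so the rule stays tied to the affected pages and their parameters rather than alerting on any angle bracket anywhere. On the server side the fix is the usual one for reflected XSS, encoding every URL-derived value with htmlspecialchars() before it is written into the page, and upgrading to a phpMyAdmin release that does so.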
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN