phpMyAdmin 多个跨站攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1111039 漏洞类型 跨站脚本
发布时间 2006-09-15 更新时间 2007-01-21
CVE编号 CVE-2006-6942 CNNVD-ID CNNVD-200701-293
漏洞平台 PHP CVSS评分 6.8
|漏洞来源
https://www.exploit-db.com/exploits/29061
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200701-293
|漏洞详情
PhpMyAdmin2.9.1.1之前版本中存在多个跨站攻击漏洞。远程攻击者可以借助(1)利用(a)db_operations.php对表格名进行的评论,提交到(b)db_create.php的(2)db参数,到db_operations.php的(3)新名字参数,到(c)querywindow.php的(4)query_history_latest,(5)query_history_latest_db和(6)querydisplay_tabanshu以及到(d)sql.php的(7)pos参数,注入任意的HTML或web脚本。
|漏洞EXP
source: http://www.securityfocus.com/bid/21137/info
   
phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities.
   
An attacker could exploit these vulnerabilities to view sensitive information or to have arbitrary script code execute in the context of the affected site, which may allow the attacker to steal cookie-based authentication credentials or change the way the site is rendered to the user. Data gained could aid in further attacks.
   
All versions of phpMyAdmin are vulnerable.

http://www.example.com/phpmyadmin/sql.php?db=information_schema&token=your_token&goto=db_details_structure.php&table=CHARACTER_SETS&pos=</textarea>'"><script>alert(document.cookie)</script>
|参考资料

来源:www.phpmyadmin.net
链接:http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-7
来源:BUGTRAQ
名称:20061116PhpMyAdminallversion[multiplesvulnerability]
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=116370414309444&w=2
来源:XF
名称:phpmyadmin-multiple-parameter-xss(30310)
链接:http://xforce.iss.net/xforce/xfdb/30310
来源:DEBIAN
名称:DSA-1370
链接:http://www.us.debian.org/security/2007/dsa-1370
来源:BID
名称:21137
链接:http://www.securityfocus.com/bid/21137
来源:VUPEN
名称:ADV-2006-4572
链接:http://www.frsirt.com/english/advisories/2006/4572
来源:SECUNIA
名称:26733
链接:http://secunia.com/advisories/26733