phpPgAdmin 'redirect.php'&login.php 跨站脚本攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1113020 漏洞类型 跨站脚本
发布时间 2007-05-25 更新时间 2009-01-21
CVE编号 CVE-2007-5728 CNNVD-ID CNNVD-200710-518
漏洞平台 PHP CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/30090
https://www.securityfocus.com/bid/24182
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200710-518
|漏洞详情
phpPgAdmin3.5中存在跨站脚本攻击漏洞。远程攻击者可以借助(1)redirect.php,和(2)login.php的PHP_SELF中某些可用的输入信息,注入任意web脚本或HTML。
|漏洞EXP
source: http://www.securityfocus.com/bid/24182/info

phpPgAdmin is prone to a cross-site scripting vulnerability.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks. 

http://www.example.com/redirect.php/%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E?subject=server&server=test
|受影响的产品
SuSE Linux 10.2 Phppgadmin Project Phppgadmin 4.1.1 Phppgadmin Project Phppgadmin 3.5.3 Phppgadmin Project Phppgadmin 3.5.2 + Debian Linux 3.1 sparc
|参考资料

来源:XF
名称:phppgadmin-redirect-xss(34550)
链接:http://xforce.iss.net/xforce/xfdb/34550
来源:BID
名称:24182
链接:http://www.securityfocus.com/bid/24182
来源:DEBIAN
名称:DSA-1693
链接:http://www.debian.org/security/2008/dsa-1693
来源:SECUNIA
名称:33263
链接:http://secunia.com/advisories/33263
来源:SECUNIA
名称:25446
链接:http://secunia.com/advisories/25446
来源:FULLDISC
名称:20070527phpPgAdminMultipleXSSVulnerabilities
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html
来源:SUSE
名称:SUSE-SR:2007:024
链接:http://www.novell.com/linux/security/advisories/2007_24_sr.html
来源:SECUNIA
名称:27756
链接:http://secunia.com/advisories/27756