phpMyAdmin 'pmd_pdf.php'模块跨站脚本漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1116503 漏洞类型 跨站脚本
发布时间 2008-10-27 更新时间 2009-03-19
CVE编号 CVE-2008-4775 CNNVD-ID CNNVD-200810-484
漏洞平台 PHP CVSS评分 2.6
|漏洞来源
https://www.exploit-db.com/exploits/32531
https://www.securityfocus.com/bid/31928
https://cxsecurity.com/issue/WLB-2008100074
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200810-484
|漏洞详情
phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。phpMyAdmin的pmd_pdf.php模块没有正确地验证对db参数的输入便返回给了用户,远程攻击者可以通过提交恶意请求执行跨站脚本攻击,导致在用户浏览器会话中执行任意HTML和脚本代码。成功攻击要求打开了register_globals且拥有有效的用户凭据。
|漏洞EXP
source: http://www.securityfocus.com/bid/31928/info

phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 

http://www.example.com/pmd_pdf.php?db=>"><script>alert('Hadi-Kiamarsi')</script>
|受影响的产品
Typo3 phpMyAdmin 4.1 Typo3 phpMyAdmin 3.4 Typo3 phpMyAdmin 3.3 Typo3 phpMyAdmin 3.2 Typo3 phpMyAdmin 3.0.1 Typo3 phpMyAdmin 3.0 Turbolinux Appliance Serv
|参考资料

来源:FEDORA
名称:FEDORA-2008-9336
链接:https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00925.html
来源:FEDORA
名称:FEDORA-2008-9316
链接:https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00908.html
来源:XF
名称:phpmyadmin-pmdpdf-xss(46136)
链接:http://xforce.iss.net/xforce/xfdb/46136
来源:BID
名称:31928
链接:http://www.securityfocus.com/bid/31928
来源:BUGTRAQ
名称:20081027XSSinphpMyadmin
链接:http://www.securityfocus.com/archive/1/archive/1/497815/100/0/threaded
来源:VUPEN
名称:ADV-2008-2943
链接:http://www.frsirt.com/english/advisories/2008/2943
来源:SREASON
名称:4516
链接:http://securityreason.com/securityalert/4516
来源:GENTOO
名称:GLSA-200903-32
链接:http://security.gentoo.org/glsa/glsa-200903-32.xml
来源:SECUNIA
名称:32482
链接:http://secunia.com/advisories/32482
来源:SECUNIA
名称:32449
链接:http://secunia.com/advisories/32449