PHPMyAdmin Table参数跨站脚本攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1194262 漏洞类型 跨站脚本
发布时间 2006-06-30 更新时间 2006-11-24
CVE编号 CVE-2006-3388 CNNVD-ID CNNVD-200607-058
漏洞平台 N/A CVSS评分 5.8
|漏洞来源
https://www.securityfocus.com/bid/18754
https://cxsecurity.com/issue/WLB-2006070045
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200607-058
|漏洞详情
phpMyAdmin2.8.2之前版本存在跨站脚本攻击(XSS)漏洞,远程攻击者可通过table参数注入任意Web脚本或HTML。
|漏洞EXP
-------------------------------------------------------------------
[#] Security Advisory #3
[^] http://securitynews.ir/

[>] Advisory Title: phpMyAdmin : Cross-Site Scripting Vulnerability
[@] Author : bug [@] securitynews.ir
[$] Product Vendor : http://www.phpmyadmin.net/
[.] Affected Versions : 2.8.1 (and maybe before)
[/] Release Date : 06/30/2006
-------------------------------------------------------------------
[*] Overview :
phpMyAdmin is a tool written in PHP intended to handle the
administration of MySQL over the Web .
A XSS bug has been found in phpMyAdmin 2.8.1 .

[*] Details :
No exploitable details are going to be released .

[*] Solution :
Upgrade to the new version (2.8.2) :
http://www.phpmyadmin.net/home_page/downloads.php

[*] References :
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-4

---------------------------------------------------
http://securitynews.ir/advisories/phpmyadmin281.txt
|受影响的产品
S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 10.1
|参考资料

来源:BID
名称:18754
链接:http://www.securityfocus.com/bid/18754
来源:BUGTRAQ
名称:20060630phpMyAdmin:Cross-SiteScriptingVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/438870/100/0/threaded
来源:VUPEN
名称:ADV-2006-2622
链接:http://www.frsirt.com/english/advisories/2006/2622
来源:MISC
链接:http://securitynews.ir/advisories/phpmyadmin281.txt
来源:SECUNIA
名称:20907
链接:http://secunia.com/advisories/20907
来源:www.phpmyadmin.net
链接:http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-4
来源:XF
名称:phpmyadmin-table-xss(27493)
链接:http://xforce.iss.net/xforce/xfdb/27493
来源:SREASON
名称:1194
链接:http://securityreason.com/securityalert/1194
来源:SECUNIA
名称:23086
链接:http://secunia.com/advisories/23086
来源:SUSE
名称:SUSE-SA:2006:071
链接:http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html