SNS Vulnerability

phpMyAdmin Directory Traversal and Cross Site Scripting Vulnerabilities

Description

Two vulnerabilities were identified in phpMyAdmin, which may be exploited by remote attackers to conduct directory traversal or cross site scripting attacks.
The first issue is due to input validation errors in the "left.php", "queryframe.php", and "server_databases.php" scripts when processing specially crafted parameters, which may be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser.
The second flaw is due to input validation errors in various scripts that do not properly filter specially crafted parameters, which may be exploited by remote attackers to disclose the contents of arbitrary files.

Vulnerable Products

Vulnerable Software:
phpMyAdmin version 2.6.4-pl2 and prior

Solution

Upgrade to phpMyAdmin version 2.6.4-pl3 : http://www.phpmyadmin.net/home_page/downloads.php

CVE

CVE-2005-3301

References

http://www.hardened-php.net/advisory_162005.73.html
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-5

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious tag with event found in data	3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL	3.2.0
XSS - Prevention - GET : javascript code in flash clickTAG parameter	3.2.0
XSS - Prevention - POST : suspicious 'object' tag found in data	3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious 'applet' tag found in data	3.2.0
XSS - Prevention - POST : 'location' javascript object found in data	3.2.0
XSS - Phishing : suspicious 'div' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL	3.2.0
XSS - Prevention - POST : javascript code found in data	3.2.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data	3.2.0
XSS - Prevention - POST : code allowing cookie access found in data	3.2.0
XSS - Phishing : suspicious 'a' tag found in URL	3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL	3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL	3.2.0
XSS - Phishing : suspicious 'form' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious 'embed' tag found in data	3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data	3.2.0
XSS - Prevention - GET : javascript code found in URL	3.2.0
XSS - Prevention - GET : 'script' tag in flash clickTAG parameter	3.2.0
XSS - Prevention - POST : suspicious 'div' tag found in data	3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL	3.2.0
XSS - Phishing : suspicious 'link' tag found in URL	3.2.0
XSS - Prevention - GET : 'script' tag found in URL	3.2.0
XSS - Prevention - POST : 'script' tag found in data	3.2.0
XSS - Prevention - POST : suspicious 'style' attribute found in data	3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL	3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL	3.2.0

Risk level

Moderate

Vulnerability First Public Report Date

2005-10-24

Target Type

Server

Possible exploit

Local & Remote