phpPgAdmin versions 3.5 through 4.1.1 suffer from a cross site scripting vulnerability.
41861f832f4f404ef0ec4c6b49c08d35------=_Part_25754_4061665.1180272607070
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Synopsis: Multiple XSS Vulnerabilities
Introduction:
phpPgAdmin is a web-based administration tool for PostgreSQL.
Details:
phpPgAdmin doesn't correctly sanitize data in $_SERVER array and most of the
scripts make direct use of PHP_SELF.
PoC:
http://www.test.com/redirect.php/%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E?subject=server&server=test
This was tested on versions 3.5 to 4.1.1 as not logged user. Other versions
may also be vulnerable.
Regards Michal Majchrowicz.
Hack.pl
------=_Part_25754_4061665.1180272607070
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Synopsis: Multiple XSS Vulnerabilities<br><br>Introduction:<br>phpPgAdmin is a web-based administration tool for PostgreSQL.<br><br>Details:<br>phpPgAdmin doesn't correctly sanitize data in $_SERVER array and most of the scripts make direct use of PHP_SELF.
<br><br>PoC:<br><a href="http://www.test.com/redirect.php/%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E?subject=server&server=test">http://www.test.com/redirect.php/%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E?subject=server&server=test
</a><br>This was tested on versions 3.5 to 4.1.1 as not logged user. Other versions may also be vulnerable.<br><br>Regards Michal Majchrowicz.<br>Hack.pl<br>
------=_Part_25754_4061665.1180272607070--
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!