Exploit phpMyAdmin 3.3.0 - 'db' Cross-Site Scripting

Exploiter

18 Dec 2022
EDB-ID
33060
EDB Verified
  1. Passed
Author
R0T
Vulnerability type
WEBAPPS
Platform
PHP
CVE
N/A
Publication date
2009-05-30
Code:
source: https://www.securityfocus.com/bid/35531/info

phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

The following versions are affected:

phpMyAdmin 3.2.0.1
phpMyAdmin 3.2.1-dev
phpMyAdmin 3.3.0-dev
phpMyAdmin 2.11.10-dev
phpMyAdmin 3.2.0-rc1

Other versions may also be affected. 

http://www.example.com/MAINT_3_2_0/index.php?db=%22%3E%27%3E%3Cscript%3Ealert%28%2Fr0t%2F%29%3C%2Fscript%3E&token=f70d8ec4305c5a877f56c14554aced10
 
Source
www.exploit-db.com
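
A defensive check for the issue described in the post, as an added example that is not part of the original post or of phpMyAdmin: it scans web-server access logs for requests whose `db` parameter decodes to HTML metacharacters. The log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Characters that let a value break out of an HTML attribute or tag.
HTML_BREAKOUT = re.compile(r"[<>\"']")
# Request part of a combined-log-format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (assumed Apache combined format, shortened).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/May/2009:10:00:01 +0000] "GET /index.php?db=mysql&token=abc HTTP/1.1" 200 5120',
    '192.0.2.44 - - [30/May/2009:10:02:17 +0000] "GET /MAINT_3_2_0/index.php?db=%22%3E%27%3E%3Cscript%3Ealert%28%2Fr0t%2F%29%3C%2Fscript%3E&token=abc HTTP/1.1" 200 5310',
    '192.0.2.44 - - [30/May/2009:10:02:40 +0000] "GET /index.php?db=%253Cb%253E&token=abc HTTP/1.1" 200 5290',
    '192.0.2.10 - - [30/May/2009:10:03:05 +0000] "GET /index.php?table=%3Cx%3E&db=test_db HTTP/1.1" 200 5100',
]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are seen too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_db_values(log_lines, param="db"):
    """Return (line_number, decoded_value) for every request whose
    `param` value contains HTML metacharacters after decoding."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue  # not a request line we understand
        query = urlsplit(m.group(1)).query
        # parse_qsl performs the first round of percent-decoding.
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key == param:
                value = decode_fully(value)
                if HTML_BREAKOUT.search(value):
                    hits.append((n, value))
    return hits

if __name__ == "__main__":
    for n, value in suspicious_db_values(SAMPLE_LOG):
        print(f"line {n}: db={value!r}")
```

A hit only shows that such a request was received; whether the value was reflected unescaped depends on the phpMyAdmin version that served it.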
