Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

xss in phpmyadmin <= 2.8.1
From: alfa () virtuax be
Date: 12 Jan 2007 11:59:41 -0000
although >= v2.8.2 isn't vulnerable anymore, i still think this issue is important because phpmyadmin.net still offers 
2.7.2-pl2 for download on their website and this is a vulnerable version.

it's an xss bug that wasn't fixed properly (reference: 
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3)

$convcharset is still vulnerable for xss attackts but only in IE < 7.

All phpmyadmin <= 2.8.1 seem to be vulnerable.

an Advisory can be found here:

http://www.virtuax.be/advisories/Advisory1-12012007.txt

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]