Full Disclosure mailing list archives
phpPgAdmin Multiple XSS Vulnerabilities
From: "Michal Majchrowicz" <m.majchrowicz () gmail com>
Date: Sun, 27 May 2007 15:30:07 +0200
Synopsis: Multiple XSS Vulnerabilities Introduction: phpPgAdmin is a web-based administration tool for PostgreSQL. Details: phpPgAdmin doesn't correctly sanitize data in $_SERVER array and most of the scripts make direct use of PHP_SELF. PoC: http://www.test.com/redirect.php/%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E?subject=server&server=test This was tested on versions 3.5 to 4.1.1 as not logged user. Other versions may also be vulnerable. Regards Michal Majchrowicz. Hack.pl
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- phpPgAdmin Multiple XSS Vulnerabilities Michal Majchrowicz (May 27)