phpMyAdmin PmaAbsoluteUri, zero_rows or sql_query parameters cross-site scripting


eddie5659 (Moderator)
20-Nov-2004, 01:46 PM #1
Hiya

phpMyAdmin is a graphical PHP program that allows users to perform basic MySQL database administration over the Web. phpMyAdmin versions prior to 2.6.0-pl3 are vulnerable to cross-site scripting. A remote attacker could embed malicious script in the PmaAbsoluteUri parameter in a specially-crafted URL request, or embed malicious script in the zero_rows or the sql_query parameter in a specially-crafted URL request to the read_dump.php script, which would be executed in the victim's Web browser within the security context of the hosting site, once the link is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Platforms Affected:

Tobias Ratschiller: phpMyAdmin prior to 2.6.0-pl3
Various: Any operating system Any version


http://xforce.iss.net/xforce/xfdb/18158

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream
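
An added example, not part of the original post and not phpMyAdmin code: a check over web server access logs for the three parameters the advisory names, flagging requests whose decoded values carry HTML or script markup. The log format (common/combined), the markup heuristic and the sample log lines are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Parameters named in the advisory. Per its text, zero_rows and sql_query
# are abused via read_dump.php; PmaAbsoluteUri is checked on any script.
ANY_SCRIPT = {"PmaAbsoluteUri"}
READ_DUMP_ONLY = {"zero_rows", "sql_query"}

# Heuristic for HTML/script markup in a decoded value (assumption of this
# example): an HTML-like tag or a javascript: URI. Legitimate SQL with
# "<" and ">" comparisons can match, so treat hits as leads to review.
MARKUP = re.compile(r"<\s*/?\s*[a-z!][^<>]*>|javascript\s*:", re.I)

# Request line inside a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return sorted names of advisory parameters carrying markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    is_read_dump = url.path.rsplit("/", 1)[-1] == "read_dump.php"
    hits = set()
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        watched = name in ANY_SCRIPT or (is_read_dump and name in READ_DUMP_ONLY)
        if not watched:
            continue
        # parse_qsl decoded once; decode again to catch double encoding.
        if MARKUP.search(value) or MARKUP.search(unquote_plus(value)):
            hits.add(name)
    return sorted(hits)

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Nov/2004:13:46:00 +0000] "GET /phpMyAdmin/read_dump.php?zero_rows=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512',
    '192.0.2.11 - - [20/Nov/2004:13:47:00 +0000] "GET /phpMyAdmin/read_dump.php?sql_query=SELECT+1 HTTP/1.1" 200 734',
    '192.0.2.12 - - [20/Nov/2004:13:48:00 +0000] "GET /phpMyAdmin/index.php?PmaAbsoluteUri=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 901',
    '192.0.2.13 - - [20/Nov/2004:13:49:00 +0000] "GET /phpMyAdmin/sql.php?sql_query=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(suspicious_params(line), line.split('"')[1])
```

The fourth sample line is not flagged because the advisory ties zero_rows and sql_query to read_dump.php; widen READ_DUMP_ONLY's scope if you want those parameters checked on every script.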