phpMyAdmin XSS - A Quick Commentary

Wake up, phpMyAdmin users: if you haven't updated to the latest version yet, what are you waiting for?  Haven't you seen the advisory YEHG released?  The advisory, complete with some interesting screenshots, is here.


On 8/20/2010 the phpMyAdmin folks released an advisory and patches, one you should take note of for a few reasons.  First off, a Cross-Site Scripting (XSS) vulnerability in the web-based administrative console of your system is usually a red light anyway, but one in a package as popular as phpMyAdmin ... well, you can do your own math.


Actually, what caught my attention is the diff that was posted to one of the setup scripts, as follows:


--- a/scripts/setup.php

+++ b/scripts/setup.php

@@ -518,6 +518,7 @@ function get_cfg_val($name, $val) {

                 }

             }

             if ($type == 'string') {

+                $k = preg_replace('/[^A-Za-z0-9_]/', '_', $k);

                 $ret .= get_cfg_val($name . "['$k']", $v);

             } elseif ($type == 'int') {

                 $ret .= '    ' . PMA_var_export($v) . ',' . $crlf;
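Review bot: the added `preg_replace` line in the `string` branch rewrites `$k` in place rather than rejecting a bad key, so two distinct keys that differ only in disallowed characters collapse to the same underscore-substituted name before being used in `$name . "['$k']"`; consider failing or at least logging when the filtered key differs from the original. Note also that only the `string` branch is changed here: the `int` branch passes `$v` through `PMA_var_export`, so its value side is already escaped, but any other branch that interpolates `$k` into the generated key (outside this hunk) would need the same filter.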

..

What you'll notice is the insertion of the regular-expression replacement function (preg_replace), which sanitizes the $k variable by replacing every character outside A-Z, a-z, 0-9 and underscore with an underscore before $k is interpolated into the generated configuration key. That step was clearly omitted before.
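To make the effect of that one-line change concrete, here is an added, stand-alone PHP model of the key-handling step. It is not phpMyAdmin's code: the function names `sanitize_cfg_key` and `build_cfg_line` are mine, the hostile key is constructed for the demonstration, and `build_cfg_line` only reproduces the shape of the string-branch line (`$name . "['$k']"`), not the rest of `get_cfg_val`.

```php
<?php
// Added example, not phpMyAdmin's own code. It models the key-sanitization
// step that the patch adds in the 'string' branch of get_cfg_val().

// The patch's allow-list: anything outside A-Z, a-z, 0-9 and "_" becomes "_".
function sanitize_cfg_key(string $k): string
{
    return preg_replace('/[^A-Za-z0-9_]/', '_', $k);
}

// Builds one generated line of the form  $name['<key>'] = <value>;
// With $sanitize = false this mirrors the pre-patch behaviour: the key is
// dropped into the generated PHP source verbatim.
function build_cfg_line(string $name, string $k, string $v, bool $sanitize): string
{
    if ($sanitize) {
        $k = sanitize_cfg_key($k);
    }
    // Same shape as the patched line: $name . "['$k']", then the value.
    return $name . "['$k']" . ' = ' . var_export($v, true) . ";\n";
}

// Constructed input (not from the advisory): a key carrying a single quote,
// a closing bracket and angle brackets, i.e. characters that end the
// "['...']" literal early or read as markup when the key is echoed back.
$hostileKey = "host'] . '<b>x</b>";

// Pre-patch: the quote and bracket survive, so the generated line no longer
// contains a single clean key name.
echo "Unsanitized: " . build_cfg_line('$cfg', $hostileKey, 'localhost', false);

// Post-patch: every disallowed character has become an underscore and the
// key is again a plain identifier inside the quotes.
echo "Sanitized:   " . build_cfg_line('$cfg', $hostileKey, 'localhost', true);

// Caveat a reviewer would flag: replacing (rather than rejecting) is lossy,
// so two different keys can collide after sanitization.
if (sanitize_cfg_key('my-server') === sanitize_cfg_key('my_server')) {
    echo "Collision: 'my-server' and 'my_server' map to the same key\n";
}
```

Running it shows the two generated lines side by side; the second one is what the patched setup script emits, and the collision check at the end illustrates why a filter that rewrites instead of rejecting deserves a second look even though it closes the hole.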


Now, some would argue that Cross-Site Scripting isn't that critical of an issue, but I think the folks over at phpMyAdmin did the right thing in classifying it as critical, since this is on your administrative dashboard, and for the most part, if I can XSS your administrative dashboard, it's lights-out.


Just something I thought you all should be aware of, since at last count Google says there are around 2MM results for the phpMyAdmin query string ... yikes.  I hope they're all patched up?

Comments
(anon) | 01-05-2011 12:06 PM

Wow, nice. ;)
