PHPMyAdmin Multiple Input Validation Vulnerabilities

TITLE: PHPMyAdmin Multiple Input Validation Vulnerabilities
CLASS: Input Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Sep 15 2006 12:00AM
UPDATE: Nov 28 2006 09:50PM
CREDIT: Laurent Gaffi and Benjamin Moss is credited with the discovery of these vulnerabilities.
VULNERABLE:

phpMyAdmin phpMyAdmin 2.9.1
phpMyAdmin phpMyAdmin 2.9 rc1
phpMyAdmin phpMyAdmin 2.9 .2
phpMyAdmin phpMyAdmin 2.9 .1
phpMyAdmin phpMyAdmin 2.9
phpMyAdmin phpMyAdmin 2.8.2
phpMyAdmin phpMyAdmin 2.8.1
phpMyAdmin phpMyAdmin 2.8 .4
phpMyAdmin phpMyAdmin 2.8 .3
phpMyAdmin phpMyAdmin 2.8 .1
phpMyAdmin phpMyAdmin 2.7 .0-beta1
phpMyAdmin phpMyAdmin 2.7 -pl1
phpMyAdmin phpMyAdmin 2.7
phpMyAdmin phpMyAdmin 2.6.4 -rc1
phpMyAdmin phpMyAdmin 2.6.4 -pl4
phpMyAdmin phpMyAdmin 2.6.4 -pl3
phpMyAdmin phpMyAdmin 2.6.4 -pl1
phpMyAdmin phpMyAdmin 2.6.3 -pl1
phpMyAdmin phpMyAdmin 2.6.2 -rc1
phpMyAdmin phpMyAdmin 2.6.2
+ Gentoo Linux
+ Gentoo Linux
phpMyAdmin phpMyAdmin 2.6.1 pl3
phpMyAdmin phpMyAdmin 2.6.1 pl1
phpMyAdmin phpMyAdmin 2.6.1 -rc1
phpMyAdmin phpMyAdmin 2.6.1
phpMyAdmin phpMyAdmin 2.6 .0pl3
phpMyAdmin phpMyAdmin 2.6 .0pl2
+ Gentoo Linux 1.4
+ Gentoo Linux 1.4
+ Gentoo Linux 1.4
+ Gentoo Linux
+ Gentoo Linux
+ Gentoo Linux
phpMyAdmin phpMyAdmin 2.6 .0pl1
phpMyAdmin phpMyAdmin 2.6
phpMyAdmin phpMyAdmin 2.5.7 pl1
phpMyAdmin phpMyAdmin 2.5.7
phpMyAdmin phpMyAdmin 2.5.6 -rc1
phpMyAdmin phpMyAdmin 2.5.5 pl1
phpMyAdmin phpMyAdmin 2.5.5 -rc2
phpMyAdmin phpMyAdmin 2.5.5 -rc1
phpMyAdmin phpMyAdmin 2.5.5
phpMyAdmin phpMyAdmin 2.5.4
phpMyAdmin phpMyAdmin 2.5.3
+ S.u.S.E. Linux Personal 9.3
+ S.u.S.E. Linux Personal 9.3
+ S.u.S.E. Linux Personal 9.3
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 9.0
phpMyAdmin phpMyAdmin 2.5.2
phpMyAdmin phpMyAdmin 2.5.1
phpMyAdmin phpMyAdmin 2.5 .0
phpMyAdmin phpMyAdmin 2.4 .0
phpMyAdmin phpMyAdmin 2.3.2
phpMyAdmin phpMyAdmin 2.3.1
phpMyAdmin phpMyAdmin 2.2.6
phpMyAdmin phpMyAdmin 2.2.5
phpMyAdmin phpMyAdmin 2.2.4
phpMyAdmin phpMyAdmin 2.2.3
phpMyAdmin phpMyAdmin 2.2.2
phpMyAdmin phpMyAdmin 2.2 rc3
phpMyAdmin phpMyAdmin 2.2 rc2
phpMyAdmin phpMyAdmin 2.2 rc1
phpMyAdmin phpMyAdmin 2.2 pre2
phpMyAdmin phpMyAdmin 2.2 pre1
phpMyAdmin phpMyAdmin 2.2
phpMyAdmin phpMyAdmin 2.1 .2
phpMyAdmin phpMyAdmin 2.1 .1
phpMyAdmin phpMyAdmin 2.1
-Debian Linux 2.2 sparc
-Debian Linux 2.2 sparc
-Debian Linux 2.2 sparc
-Debian Linux 2.2 powerpc
-Debian Linux 2.2 powerpc
-Debian Linux 2.2 powerpc
-Debian Linux 2.2 arm
-Debian Linux 2.2 arm
-Debian Linux 2.2 arm
-Debian Linux 2.2 alpha
-Debian Linux 2.2 alpha
-Debian Linux 2.2 alpha
-Debian Linux 2.2 68k
-Debian Linux 2.2 68k
-Debian Linux 2.2 68k
-Debian Linux 2.2
-Debian Linux 2.2
-Debian Linux 2.2
-FreeBSD FreeBSD 4.2
-FreeBSD FreeBSD 4.2
-FreeBSD FreeBSD 4.2
-FreeBSD FreeBSD 3.5.1
-FreeBSD FreeBSD 3.5.1
-FreeBSD FreeBSD 3.5.1
-MandrakeSoft Linux Mandrake 7.2
-MandrakeSoft Linux Mandrake 7.2
-MandrakeSoft Linux Mandrake 7.2
-MandrakeSoft Linux Mandrake 7.1
-MandrakeSoft Linux Mandrake 7.1
-MandrakeSoft Linux Mandrake 7.1
-MandrakeSoft Linux Mandrake 7.0
-MandrakeSoft Linux Mandrake 7.0
-MandrakeSoft Linux Mandrake 7.0
-OpenBSD OpenBSD 2.8
-OpenBSD OpenBSD 2.8
-OpenBSD OpenBSD 2.8
-OpenBSD OpenBSD 2.7
-OpenBSD OpenBSD 2.7
-OpenBSD OpenBSD 2.7
-OpenBSD OpenBSD 2.6
-OpenBSD OpenBSD 2.6
-OpenBSD OpenBSD 2.6
-RedHat Linux 7.0
-RedHat Linux 7.0
-RedHat Linux 7.0
-RedHat Linux 6.2
-RedHat Linux 6.2
-RedHat Linux 6.2
-S.u.S.E. Linux 7.1
-S.u.S.E. Linux 7.1
-S.u.S.E. Linux 7.1
-S.u.S.E. Linux 7.0
-S.u.S.E. Linux 7.0
-S.u.S.E. Linux 7.0
-S.u.S.E. Linux 6.4
-S.u.S.E. Linux 6.4
-S.u.S.E. Linux 6.4
-Sun Solaris 7.0 _x86
-Sun Solaris 7.0 _x86
-Sun Solaris 7.0 _x86
-Sun Solaris 7.0
-Sun Solaris 7.0
-Sun Solaris 7.0
-Sun Solaris 2.6 _x86
-Sun Solaris 2.6 _x86
-Sun Solaris 2.6 _x86
-Sun Solaris 2.6
-Sun Solaris 2.6
-Sun Solaris 2.6
-Sun Solaris 8_x86
-Sun Solaris 8_x86
-Sun Solaris 8_x86
-Sun Solaris 8
-Sun Solaris 8
-Sun Solaris 8
phpMyAdmin phpMyAdmin 2.0.5
phpMyAdmin phpMyAdmin 2.0.4
phpMyAdmin phpMyAdmin 2.0.3
phpMyAdmin phpMyAdmin 2.0.2
phpMyAdmin phpMyAdmin 2.0.1
phpMyAdmin phpMyAdmin 2.0
phpMyAdmin phpMyAdmin 2.9.0.3
NOT VULNERABLE:
phpMyAdmin phpMyAdmin 2.9.1.1

Vai alla pagina originale su Security Focus

Discussion

PHPMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities.

An attacker could exploit these vulnerabilities to view sensitive information or to have arbitrary script code execute in the context of the affected site, which may allow the attacker to steal cookie-based authentication credentials or change the way the site is rendered to the user. Data gained could aid in further attacks.

All versions of PHPMyAdmin are vulnerable.

Exploit

An attacker can exploit these issues via a web client. To exploit the cross-site scripting vulnerabilities, the attacker must entice an unsuspecting user to follow a malicious URI.

The following proof-of-concept URIs are available:

Solution

Solution:
The vendor has released version 2.9.1.1 to address these issues. Please see the refernces for more information.


phpMyAdmin phpMyAdmin 2.9.0.3


phpMyAdmin phpMyAdmin 2.0

phpMyAdmin phpMyAdmin 2.0.1

phpMyAdmin phpMyAdmin 2.0.2

phpMyAdmin phpMyAdmin 2.0.3

phpMyAdmin phpMyAdmin 2.0.4

phpMyAdmin phpMyAdmin 2.0.5

phpMyAdmin phpMyAdmin 2.1 .2

phpMyAdmin phpMyAdmin 2.1

phpMyAdmin phpMyAdmin 2.1 .1

phpMyAdmin phpMyAdmin 2.2 pre1

phpMyAdmin phpMyAdmin 2.2 rc3

phpMyAdmin phpMyAdmin 2.2 pre2

phpMyAdmin phpMyAdmin 2.2 rc2

phpMyAdmin phpMyAdmin 2.2

phpMyAdmin phpMyAdmin 2.2 rc1

phpMyAdmin phpMyAdmin 2.2.2

phpMyAdmin phpMyAdmin 2.2.3

phpMyAdmin phpMyAdmin 2.2.4

phpMyAdmin phpMyAdmin 2.2.5

phpMyAdmin phpMyAdmin 2.2.6

phpMyAdmin phpMyAdmin 2.3.1

phpMyAdmin phpMyAdmin 2.3.2

phpMyAdmin phpMyAdmin 2.4 .0

phpMyAdmin phpMyAdmin 2.5 .0

phpMyAdmin phpMyAdmin 2.5.1

phpMyAdmin phpMyAdmin 2.5.2

phpMyAdmin phpMyAdmin 2.5.3

phpMyAdmin phpMyAdmin 2.5.4

phpMyAdmin phpMyAdmin 2.5.5 -rc2

phpMyAdmin phpMyAdmin 2.5.5 -rc1

phpMyAdmin phpMyAdmin 2.5.5

phpMyAdmin phpMyAdmin 2.5.5 pl1

phpMyAdmin phpMyAdmin 2.5.6 -rc1

phpMyAdmin phpMyAdmin 2.5.7

phpMyAdmin phpMyAdmin 2.5.7 pl1

phpMyAdmin phpMyAdmin 2.6 .0pl2

phpMyAdmin phpMyAdmin 2.6

phpMyAdmin phpMyAdmin 2.6 .0pl1

phpMyAdmin phpMyAdmin 2.6 .0pl3

phpMyAdmin phpMyAdmin 2.6.1 pl3

phpMyAdmin phpMyAdmin 2.6.1 pl1

phpMyAdmin phpMyAdmin 2.6.1 -rc1

phpMyAdmin phpMyAdmin 2.6.1

phpMyAdmin phpMyAdmin 2.6.2

phpMyAdmin phpMyAdmin 2.6.2 -rc1

phpMyAdmin phpMyAdmin 2.6.3 -pl1

phpMyAdmin phpMyAdmin 2.6.4 -pl4

phpMyAdmin phpMyAdmin 2.6.4 -pl3

phpMyAdmin phpMyAdmin 2.6.4 -pl1

phpMyAdmin phpMyAdmin 2.6.4 -rc1

phpMyAdmin phpMyAdmin 2.7 -pl1

phpMyAdmin phpMyAdmin 2.7

phpMyAdmin phpMyAdmin 2.7 .0-beta1

phpMyAdmin phpMyAdmin 2.8 .1

phpMyAdmin phpMyAdmin 2.8 .3

phpMyAdmin phpMyAdmin 2.8 .4

phpMyAdmin phpMyAdmin 2.8.1

phpMyAdmin phpMyAdmin 2.8.2

phpMyAdmin phpMyAdmin 2.9 .2

phpMyAdmin phpMyAdmin 2.9 rc1

phpMyAdmin phpMyAdmin 2.9

phpMyAdmin phpMyAdmin 2.9 .1

phpMyAdmin phpMyAdmin 2.9.1

References

References:

PhpLog

BNLug Benevento Linux Users Group