
Hardened-PHP Project:
phpMyAdmin - error.php XSS Vulnerability
November 02, 2006 @ 13:04:00

The Hardened-PHP project has published another vulnerability advisory today, this time for the popular phpMyAdmin database management package: its "error.php" file is open to an XSS vulnerability.

It was discovered that phpMyAdmin comes with a script to display error messages that supports displaying the error in a user-supplied charset. Unfortunately, the encoding of the error message is not taking the charset into account, which can result in XSS when UTF-7 is selected. (Other charsets like US-ASCII can also be used to exploit this in some browsers.)

No proof of concept has been posted for this exploit and, since it only affects phpMyAdmin versions 2.9.0.2 and lower, it's suggested that you update to the latest release as soon as possible to correct the issue.
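The failure mode the advisory describes, modelled as an added example in Python (it is not phpMyAdmin's code and not taken from the advisory): escaping that ignores the declared charset leaves UTF-7 text untouched, and pinning the charset to an allowlist closes the gap. The function names, the allowlist and the harmless sample string are assumptions constructed for illustration.

```python
import html

# Assumed allowlist: ASCII-compatible charsets in which '<' can only be the
# byte 0x3C. UTF-7 is excluded, and so is US-ASCII, which the advisory notes
# is also usable in some browsers.
SAFE_CHARSETS = {"utf-8", "iso-8859-1", "windows-1252"}

# Constructed sample: a harmless bold tag written in UTF-7
# ("+ADw-" is '<' and "+AD4-" is '>').
SAMPLE = "+ADw-b+AD4-error+ADw-/b+AD4-"


def escape_charset_blind(message: str) -> str:
    """Escape HTML metacharacters without regard to the declared charset."""
    return html.escape(message, quote=True)


def browser_view(body: str, declared_charset: str) -> str:
    """Model a browser decoding the response bytes with the declared charset."""
    return body.encode("ascii").decode(declared_charset)


def render_error(message: str, requested_charset: str) -> tuple[str, str]:
    """Hardened form: honour the requested charset only if it is allowlisted.

    Returns (charset to declare in the response, escaped body).
    """
    charset = requested_charset.strip().lower()
    if charset not in SAFE_CHARSETS:
        charset = "utf-8"  # fall back instead of echoing the client's choice
    return charset, html.escape(message, quote=True)


if __name__ == "__main__":
    weak_body = escape_charset_blind(SAMPLE)
    print("escaped body unchanged:", weak_body == SAMPLE)
    print("decoded as UTF-7      :", browser_view(weak_body, "utf-7"))

    charset, body = render_error(SAMPLE, "UTF-7")
    print("hardened charset      :", charset)
    print("decoded as declared   :", browser_view(body, charset))
```

The sample contains none of the characters the escaper looks for, so it passes through unchanged and only becomes markup once the page is decoded as UTF-7.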


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework