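Vulnerability Details
phpMyAdmin Multiple Cross-Site Scripting (XSS) Vulnerabilities
Vulnerability Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.
Vulnerability Advisory
The vendor has released an upgrade patch that fixes this security issue. Patch download links: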
phpMyAdmin phpMyAdmin 2.5.0
phpMyAdmin phpMyAdmin 2.6.0-pl3
http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
phpMyAdmin phpMyAdmin 2.5.1
phpMyAdmin phpMyAdmin 2.6.0-pl3
http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
phpMyAdmin phpMyAdmin 2.5.2
phpMyAdmin phpMyAdmin 2.6.0-pl3
http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
SuSE phpMyAdmin-2.5.3-34.noarch.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/noarch/phpMyAdmin-2.5.3-34.noarch.rpm
phpMyAdmin phpMyAdmin 2.5.4
phpMyAdmin phpMyAdmin 2.6.0-pl3
http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
phpMyAdmin phpMyAdmin 2.5.5 -rc2
phpMyAdmin phpMyAdmin 2.6.0-pl3
http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
phpMyAdmin phpMyAdmin 2.5.5
phpMyAdmin phpMyAdmin 2.6.0-pl3
http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
phpMyAdmin phpMyAdmin 2.5.5 -rc1
phpMyAdmin phpMyAdmin 2.6.0-pl3
http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
phpMyAdmin phpMyAdmin 2.5.5 pl1
phpMyAdmin phpMyAdmin 2.6.0-pl3
http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
phpMyAdmin phpMyAdmin 2.5.6 -rc1
phpMyAdmin phpMyAdmin 2.6.0-pl3
http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
SuSE phpMyAdmin-2.5.6-34.4.noarch.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/noarch/phpMyAdmin-2.5.6-34.4.noarch.rpm
phpMyAdmin phpMyAdmin 2.5.7
phpMyAdmin phpMyAdmin 2.6.0-pl3
http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
phpMyAdmin phpMyAdmin 2.5.7 pl1
phpMyAdmin phpMyAdmin 2.6.0-pl3
http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
phpMyAdmin phpMyAdmin 2.6.0pl1
phpMyAdmin phpMyAdmin 2.6.0-pl3
http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
SuSE phpMyAdmin-2.6.0-4.4.noarch.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/noarch/phpMyAdmin-2.6.0-4.4.noarch.rpm
phpMyAdmin phpMyAdmin 2.6.0pl2
phpMyAdmin phpMyAdmin 2.6.0-pl3
http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.6.0-pl3.tar.gz?download
References
Source: XF
Name: phpmyadmin-multiple-xss(18158)
Link: http://xforce.iss.net/xforce/xfdb/18158
Source: www.phpmyadmin.net
Link: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-3
Source: MISC
Link: http://www.netvigilance.com/html/advisory0005.htm
Affected Entities
- Phpmyadmin Phpmyadmin:2.5.0
- Phpmyadmin Phpmyadmin:2.5.1
- Phpmyadmin Phpmyadmin:2.5.2
- Phpmyadmin Phpmyadmin:2.5.4
- Phpmyadmin Phpmyadmin:2.5.5
Patches
None available