about phpMyAdmin setup.php XSS vulnerability

From: Marc Delisle <Marc.Delisle@cegepsherbrooke.qc.ca>
To: bugtraq@securityfocus.com
Cc:
Subject: about phpMyAdmin setup.php XSS vulnerability
Date:


Hi,

phpMyAdmin version 2.11.1.1 was released to fix this, along with a 
security announcement: 
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-5

which contains a mitigating factor:

"We could only trigger it when using Internet Explorer with the 'send 
URLs as UTF8' setting disabled. The default value of this setting being 
'enabled' reduces the impact of this problem."

For distros who prefer a small patch:
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/scripts/setup.php?r1=10637&r2=10748&view=patch

Marc Delisle, for the team





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.