FreeBSD phpmyadmin — Cross Site Scripting Vulnerabilities Fix

by on June 3, 2008 · 0 comments· Last updated July 3, 2008

An unpatched security hole in phpMyAdmin can be exploited by malicious people to conduct cross-site scripting attacks under FreeBSD. This also applies to phpmyadmin version under other UNIX like oses.

Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that "register_globals" is enabled and support for ".htaccess" files is disabled.

How do I fix this issue under FreeBSD?

Login as root user and type the following two commands:
# portsnap fetch extract
# portuprade -a



You should follow me on twitter here or grab rss feed to keep track of new changes.

Featured Articles:

{ 0 comments… add one now }

Leave a Comment

You can use these HTML tags and attributes for your code and commands: <strong> <em> <ol> <li> <u> <ul> <blockquote> <pre> <a href="" title="">
What is 7 + 3 ?
Please leave these two fields as-is:
Solve the simple math so we know that you are a human and not a bot.




Tagged as: , , , , , , , , , ,

Previous post:

Next post: