FreeBSD phpmyadmin — Cross Site Scripting Vulnerabilities Fix
An unpatched security hole in phpMyAdmin can be exploited by malicious people to conduct cross-site scripting attacks under FreeBSD. This also applies to phpMyAdmin versions running on other UNIX-like operating systems.
Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Successful exploitation requires that "register_globals" is enabled and support for ".htaccess" files is disabled.
How do I fix this issue under FreeBSD?
Login as root user and type the following two commands:
# portsnap fetch extract
# portupgrade -a
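To see whether a host meets the two preconditions named above (register_globals enabled, .htaccess support disabled), the following added example, which is not part of the original article, reads a php.ini and an Apache config and reports both settings. The function names, the sample configs and the /usr/local/www/phpMyAdmin directory are assumptions made for illustration; equating "support for .htaccess files is disabled" with an explicit AllowOverride None is also an assumption.

```shell
#!/bin/sh
# Added example, not from the original article. Checks the two preconditions
# the advisory names: register_globals enabled and .htaccess support disabled.

# Print "on" or "off" for register_globals in php.ini file $1.
# Lines starting with ";" are comments; PHP's default when unset is Off.
register_globals_state() {
    awk -F= '
        /^[ \t]*register_globals[ \t]*=/ {
            v = tolower($2); sub(/;.*/, "", v); gsub(/[ \t"\r]/, "", v)
            state = (v == "on" || v == "1" || v == "true" || v == "yes") ? "on" : "off"
        }
        END { print (state == "" ? "off" : state) }' "$1"
}

# Print the AllowOverride value set in the <Directory> block for directory $2
# in Apache config $1, or "unset" when that block does not set it.
# Simplification: inheritance from parent <Directory> blocks is not resolved.
allowoverride_for() {
    awk -v dir="$2" '
        tolower($1) == "<directory" { d = $2; gsub(/[">]/, "", d); inblk = (d == dir) }
        tolower($1) ~ /^<\/directory/ { inblk = 0 }
        inblk && tolower($1) == "allowoverride" { $1 = ""; sub(/^ /, ""); val = tolower($0) }
        END { print (val == "" ? "unset" : val) }' "$1"
}

# Return 0 when both preconditions hold. Args: php.ini, httpd.conf, directory.
xss_preconditions_met() {
    rg=$(register_globals_state "$1")
    ao=$(allowoverride_for "$2" "$3")
    echo "register_globals=$rg AllowOverride=$ao"
    [ "$rg" = "on" ] && [ "$ao" = "none" ]
}

# Constructed sample configs (not taken from a real host).
tmp=$(mktemp -d)
printf '%s\n' '; register_globals = Off' 'register_globals = On ; legacy app' > "$tmp/php.ini"
printf '%s\n' '<Directory "/usr/local/www/phpMyAdmin">' \
    '    # AllowOverride All' '    AllowOverride None' '</Directory>' > "$tmp/httpd.conf"

if xss_preconditions_met "$tmp/php.ini" "$tmp/httpd.conf" /usr/local/www/phpMyAdmin; then
    echo "Both preconditions met: upgrade phpMyAdmin and turn register_globals off."
fi
rm -rf "$tmp"
```

On a real host, pass the actual php.ini and Apache config paths to xss_preconditions_met; an "unset" result means the value is inherited from an enclosing block and has to be checked there.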