A Tale of Stealing Session Cookie in phpMyAdmin

Cross-Site Scripting in phpMyAdmin

What is phpMyAdmin?

phpMyAdmin is a free and open-source tool written in PHP, designed to manage MySQL databases over the Internet. With more than 200,000 downloads every month, phpMyAdmin is one of the top MySQL database administration tools.

What is Cross Site Scripting?

Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites.

What could be worse than an XSS in a database application? Yes! An XSS vulnerability has been reported to the phpMyAdmin security team. Versions 4.7.x – 4.7.7 (prior to 4.7.8) are affected.

While testing application version 4.7.7, it was found that a CSRF token is needed to exploit the XSS. Testing on version 4.7.4 gives me a clear XSS alert pop-up.

To exploit this XSS in version 4.7.4, all you need to do is click on the link below:

https://localhost/phpmyadmin/db_central_columns.php?total_rows=0'"><script>alert(1)</script>
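
A defender-side check for the request shown above, as an added example that is not part of the original post or phpMyAdmin's own code: it scans web-server access logs for requests to db_central_columns.php whose total_rows value is not a plain integer, decoding twice to catch double-encoded input. It assumes total_rows is meant to be a non-negative integer (as its name suggests) and a combined-format access log; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCRIPT = "db_central_columns.php"   # script named in the write-up
PARAM = "total_rows"                # parameter named in the write-up


def suspicious_total_rows(log_line):
    """Return the decoded total_rows value if it is not a plain integer, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if not target.path.endswith("/" + SCRIPT):
        return None
    # parse_qs removes one layer of percent-encoding; keep blank values too.
    values = parse_qs(target.query, keep_blank_values=True).get(PARAM, [])
    for value in values:
        # Decode once more to catch double-encoded input (%253C -> %3C -> <).
        decoded = unquote(value)
        if not re.fullmatch(r"[0-9]+", decoded):
            return decoded
    return None


def scan(lines):
    """Return (line_number, value) for each log line with a non-numeric total_rows."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_total_rows(line)
        if value is not None:
            hits.append((number, value))
    return hits


# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Feb/2018:10:01:02 +0000] "GET /phpmyadmin/db_central_columns.php?db=shop&total_rows=25 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [20/Feb/2018:10:03:44 +0000] "GET /phpmyadmin/db_central_columns.php?total_rows=0%27%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5342',
    '203.0.113.9 - - [20/Feb/2018:10:04:10 +0000] "GET /phpmyadmin/db_central_columns.php?total_rows=0%2527%2522%253E HTTP/1.1" 200 5290',
    '203.0.113.7 - - [20/Feb/2018:10:05:00 +0000] "GET /phpmyadmin/index.php?total_rows=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric total_rows = {value!r}")
```

Hits on hosts still running a 4.7.x release older than 4.7.8 are the ones to review first, since those are the versions the post lists as affected.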

After further testing, it also turned out that the DEV environment of phpMyAdmin version 4.8.0, which is at https://demo.phpmyadmin.net/master-config/, is also vulnerable to XSS.

XSS in a web application is good, but XSS in a database application is worse.

The security team has pushed a patch, so phpMyAdmin users are requested to update to phpMyAdmin version 4.7.8.

A CVE ID has been assigned to this: CVE-2018-7260

The phpMyAdmin security team has published a security announcement: https://www.phpmyadmin.net/security/PMASA-2018-1/

The fix can be found here: https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3

Got a question? DM me @twitter