Package: phpmyadmin Version: 4:2.6.2-3sarge1, 4:2.6.4-pl4-1 Severity: critical
The patch by Martin Schulze in attachment. -- .''`. Piotr Roszatycki, Netia SA : :' : mailto:[EMAIL PROTECTED] `. `' mailto:[EMAIL PROTECTED] `-
Cross-site scripting by trusting potentially user-supplied input. diff -u -p -Nr --exclude CVS phpmyadmin-2.6.2.orig/libraries/header_meta_style.inc.php phpmyadmin-2.6.2/libraries/header_meta_style.inc.php --- phpmyadmin-2.6.2.orig/libraries/header_meta_style.inc.php 2005-03-07 00:23:46.000000000 +0100 +++ phpmyadmin-2.6.2/libraries/header_meta_style.inc.php 2005-11-18 07:08:56.000000000 +0100 @@ -2,6 +2,10 @@ /* $Id: header_meta_style.inc.php,v 2.3 2005/03/06 23:23:46 nijel Exp $ */ // vim: expandtab sw=4 ts=4 sts=4: +if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) { + die("GLOBALS overwrite attempt"); +} + /** * Sends the beginning of the html page then returns to the calling script */ diff -u -p -Nr --exclude CVS phpmyadmin-2.6.2.orig/libraries/header_http.inc.php phpmyadmin-2.6.2/libraries/header_http.inc.php --- phpmyadmin-2.6.2.orig/libraries/header_http.inc.php 2004-04-27 14:36:11.000000000 +0200 +++ phpmyadmin-2.6.2/libraries/header_http.inc.php 2005-11-18 22:06:46.000000000 +0100 @@ -2,6 +2,10 @@ /* $Id: header_http.inc.php,v 2.1 2004/04/27 12:36:11 nijel Exp $ */ // vim: expandtab sw=4 ts=4 sts=4: +if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) { + die("GLOBALS overwrite attempt"); +} + /** * Sends http headers */