Package: phpmyadmin
Version: 4:2.6.2-3sarge1, 4:2.6.4-pl4-1
Severity: critical

The patch by Martin Schulze is in the attachment.
-- 
 .''`.    Piotr Roszatycki, Netia SA
: :' :    mailto:[EMAIL PROTECTED]
`. `'     mailto:[EMAIL PROTECTED]
  `-
Cross-site scripting by trusting potentially user-supplied input.


diff -u -p -Nr --exclude CVS phpmyadmin-2.6.2.orig/libraries/header_meta_style.inc.php phpmyadmin-2.6.2/libraries/header_meta_style.inc.php
--- phpmyadmin-2.6.2.orig/libraries/header_meta_style.inc.php	2005-03-07 00:23:46.000000000 +0100
+++ phpmyadmin-2.6.2/libraries/header_meta_style.inc.php	2005-11-18 07:08:56.000000000 +0100
@@ -2,6 +2,10 @@
 /* $Id: header_meta_style.inc.php,v 2.3 2005/03/06 23:23:46 nijel Exp $ */
 // vim: expandtab sw=4 ts=4 sts=4:
 
+if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
+    die("GLOBALS overwrite attempt");
+}
+
 /**
  * Sends the beginning of the html page then returns to the calling script
  */
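Review bot: the patch description above reads "Cross-site scripting by trusting potentially user-supplied input", but what this hunk adds is a guard against overwriting `$GLOBALS` through register_globals (`isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])`), so the description should be updated to say what the check actually defends against. The same four lines are pasted verbatim into header_http.inc.php in the next hunk; moving the check into a single include that both header files load would keep the two copies from drifting apart later.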
diff -u -p -Nr --exclude CVS phpmyadmin-2.6.2.orig/libraries/header_http.inc.php phpmyadmin-2.6.2/libraries/header_http.inc.php
--- phpmyadmin-2.6.2.orig/libraries/header_http.inc.php	2004-04-27 14:36:11.000000000 +0200
+++ phpmyadmin-2.6.2/libraries/header_http.inc.php	2005-11-18 22:06:46.000000000 +0100
@@ -2,6 +2,10 @@
 /* $Id: header_http.inc.php,v 2.1 2004/04/27 12:36:11 nijel Exp $ */
 // vim: expandtab sw=4 ts=4 sts=4:
 
+if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
+    die("GLOBALS overwrite attempt");
+}
+
 /**
  * Sends http headers
  */
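Review bot: `$_REQUEST` only carries cookie values when PHP's variables_order/request_order configuration includes them, so whether a `GLOBALS` cookie trips this guard depends on php.ini rather than on the code; checking `isset($_COOKIE['GLOBALS'])` explicitly, the way `$_FILES` is already checked alongside `$_REQUEST`, removes that dependence. Since this file exists to send HTTP headers, the `die("GLOBALS overwrite attempt")` call will also emit its message with the default status; sending an explicit error status before dying would make the rejection visible in server logs.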
