PhpMyAdmin - Client Side Code Injection and Redirect Link Falsification (0day)

EDB-ID: 15699  CVE: 2010-4480  OSVDB-ID: 69684...
Author: emgent, white_sheep and scox  Published: 2010-12-06
PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification

  Emanuele 'emgent' Gentili
  Marco 'white_sheep' Rondini
  Alessandro 'scox' Scoscia

In error.php, phpMyAdmin renders caller-supplied message text through a small BBCode-like markup: only a restricted set of tags is converted to HTML.
The link tag [a@url@page]Click Me[/a] copies url into href and page into target with no check on scheme, host or target name. A crafted link therefore sends every user who clicks it to an attacker-chosen page (redirect link falsification), and since the scheme is not restricted a javascript: URL executes in the user's browser (client-side code injection, CVE-2010-4480).
Available tags are:

      '[i]'       => '<em>',      
      '[/i]'      => '</em>',     
      '[em]'      => '<em>',
      '[/em]'     => '</em>',
      '[b]'       => '<strong>',  
      '[/b]'      => '</strong>', 
      '[strong]'  => '<strong>',
      '[/strong]' => '</strong>',
      '[tt]'      => '<code>',    
      '[/tt]'     => '</code>',   
      '[code]'    => '<code>',
      '[/code]'   => '</code>',
      '[kbd]'     => '<kbd>',
      '[/kbd]'    => '</kbd>',
      '[br]'      => '<br />',
      '[/a]'      => '</a>',
      '[sup]'     => '<sup>',
      '[/sup]'    => '</sup>',

      and the link tag is handled by replacing '/\[a@([^"@]*)@([^]"]*)\]/' with '<a href="\1" target="\2">',
      so \1 (any string containing neither '"' nor '@') lands in href unchecked and \2 lands in target unchecked.
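The following Python is an added example, not code from the advisory or from phpMyAdmin. It reimplements the tag table and link regex listed above to show what a crafted [a@url@page] tag turns into, and places a hardened converter beside it. Two things are assumptions of this example: that the message is HTML-escaped before tag expansion (the advisory does not say so, but it is what makes the link tag the remaining vector), and the ALLOWED_HOSTS / ALLOWED_TARGETS whitelists, which are this example's own fix and not phpMyAdmin's actual patch.

```python
import html
import re
from urllib.parse import urlsplit

# Tag table as listed in the advisory above. The opening link tag is not in
# the table because it carries parameters and is handled by a regex instead.
BBCODE_TAGS = {
    '[i]': '<em>',          '[/i]': '</em>',
    '[em]': '<em>',         '[/em]': '</em>',
    '[b]': '<strong>',      '[/b]': '</strong>',
    '[strong]': '<strong>', '[/strong]': '</strong>',
    '[tt]': '<code>',       '[/tt]': '</code>',
    '[code]': '<code>',     '[/code]': '</code>',
    '[kbd]': '<kbd>',       '[/kbd]': '</kbd>',
    '[br]': '<br />',
    '[/a]': '</a>',
    '[sup]': '<sup>',       '[/sup]': '</sup>',
}

# The advisory's link regex: anything except '"' or '@' for the URL,
# anything except ']' or '"' for the target.
LINK_RE = re.compile(r'\[a@([^"@]*)@([^\]"]*)\]')


def sanitize_vulnerable(message):
    """BBCode-to-HTML conversion as the advisory describes it.

    Assumption (not stated on the page): the message is HTML-escaped first,
    so raw <script> cannot be injected and [a@url@target] is the interesting
    vector. URL and target captured by LINK_RE go into the anchor unchecked.
    """
    out = html.escape(message, quote=True)
    for tag, replacement in BBCODE_TAGS.items():
        out = out.replace(tag, replacement)
    return LINK_RE.sub(r'<a href="\1" target="\2">', out)


# --- hardened variant (this example's own fix, not phpMyAdmin's patch) ---

# Assumed whitelist: links may be relative paths under the application
# ('./...') or absolute http(s) URLs to these hosts only.
ALLOWED_HOSTS = {'www.phpmyadmin.net'}
ALLOWED_TARGETS = {'_self', '_blank'}

# Match the whole link, text included, so a rejected link can be reduced
# to its plain text instead of leaving a half-built anchor behind.
LINK_WITH_TEXT_RE = re.compile(r'\[a@([^"@]*)@([^\]"]*)\](.*?)\[/a\]', re.S)


def is_allowed_link(url, target):
    """True only for a relative './' path or an http(s) URL to an allowed
    host, combined with a known target name. Rejects javascript:, data:
    and every other scheme, and any host not on the list."""
    if target not in ALLOWED_TARGETS:
        return False
    parts = urlsplit(url)
    if parts.scheme == '' and parts.netloc == '':
        return url.startswith('./')
    return parts.scheme.lower() in ('http', 'https') and parts.hostname in ALLOWED_HOSTS


def sanitize_hardened(message):
    out = html.escape(message, quote=True)
    for tag, replacement in BBCODE_TAGS.items():
        if tag != '[/a]':          # the link regex below consumes [/a] itself
            out = out.replace(tag, replacement)

    def render_link(m):
        url, target, text = m.group(1), m.group(2), m.group(3)
        if not is_allowed_link(url, target):
            return text            # drop the link, keep the already-escaped text
        return '<a href="%s" target="%s" rel="noopener noreferrer">%s</a>' % (url, target, text)

    return LINK_WITH_TEXT_RE.sub(render_link, out)


if __name__ == '__main__':
    # Constructed payloads in the advisory's [a@url@page]Click Me[/a] form.
    for payload in ('[a@http://attacker.example/@_blank]Click Me[/a]',
                    '[a@javascript:alert(1)@_self]Click Me[/a]',
                    '[a@./Documentation.html#faq@_self]FAQ[/a]'):
        print('vulnerable:', sanitize_vulnerable(payload))
        print('hardened:  ', sanitize_hardened(payload))
```

Running it shows the vulnerable converter emitting `<a href="http://attacker.example/" ...>` and `<a href="javascript:alert(1)" ...>` verbatim, while the hardened converter keeps only the documentation link and reduces the other two to their link text. Note that the original regex already excludes '@' from the URL, which incidentally blocks user-info tricks such as `https://good@evil/`, but nothing in it constrains the scheme or host; that is the check the hardened version adds.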


OWASP Reference: