by Anshuman    May 28, 2019

This is a demonstration of reflected cross-site scripting (XSS) in the phpMyAdmin and PHP_SELF exercises of bWAPP. bWAPP is a deliberately buggy web application that we can use to practise against common web vulnerabilities.

bWAPP Official Link:- http://www.itsecgames.com/

How to perform a Cross-Site Scripting attack in phpMyAdmin?

Now please choose Cross-site-Scripting — Reflected (phpMyAdmin) from the drop-down menu and click Hack.

This exercise is modelled on a real phpMyAdmin cross-site scripting bug, and the page shows the message:

The phpMyAdmin version fails to validate BBcode tags in the error.php script! The HINT given is "CVE-2010-4480".

CVE stands for Common Vulnerabilities and Exposures; each entry has a CVE ID. Searching for that ID on the CVE (or NVD) website gives the details of the particular vulnerability.

Looking up CVE-2010-4480 shows that phpMyAdmin 3.3.8.1 and earlier did not validate BBcode tags in error.php, so an attacker could put a crafted BBcode link tag containing "@" characters (the advisory's example is [a@url@page]) into the value that error.php displays and inject a hyperlink, script or HTML into the page. In other words, it is reflected XSS through a URL parameter.

Another example, from a later phpMyAdmin release, is an XSS bug in a query parameter of db_central_columns.php. Note that this is a separate issue from CVE-2010-4480: that script belongs to the central columns feature of the 4.x series and did not exist in 3.3.8.1.

http://localhost/phpmyadmin/db_central_columns.php?total_rows=0"><script>alert(1)</script>

The payload works by closing the attribute value the parameter is echoed into (the " and the >) and then injecting a script tag.

Reflected XSS in phpMyAdmin is serious because the script runs in the browser of a logged-in administrator: with that session it can issue requests to phpMyAdmin and read, change or drop databases, even though the injected text itself never reaches the database server.

The bug has long been fixed; currently supported phpMyAdmin versions are not affected.

For more information, check the CVE report:

1. CVE-2010-4480

How to perform a Cross-Site Scripting attack in PHP_SELF?

Now please choose Cross-site-Scripting — Reflected (PHP_SELF) from the drop-down menu and click Hack.

As you can see, this exercise presents the same user interface as the Cross-Site Scripting - Reflected (GET & POST) exercise.

Enter a first name and a last name; if they are reflected in the response, we can try to inject JavaScript.

Both names are reflected on the web page, so let's enter the JavaScript code:

<script>alert(1)</script>

The JavaScript executes. The name of this exercise refers to $_SERVER['PHP_SELF'], which PHP builds from the request path, including any extra path segment the client appends after the script name. A page that echoes PHP_SELF unescaped into its form's action attribute can therefore be attacked simply by visiting a URL such as xss_php_self.php/"><script>alert(1)</script>, without filling in any field. The fix for both the form fields and the action attribute is the same: encode output for the context it lands in (htmlspecialchars with ENT_QUOTES for HTML text and attribute values), and preferably do not use PHP_SELF as a form action at all. Stripping special characters on input is a weaker defence than encoding on output.
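The attribute breakout in the phpMyAdmin URL above and the PHP_SELF exercise are the same bug: untrusted input echoed into HTML without output encoding. The PHP below is an added example (not bWAPP's, phpMyAdmin's or the author's code) that renders a form the way a PHP_SELF-style page does, beside a hardened version, and feeds both the two attacker inputs from this walkthrough. The function names, the page path /bWAPP/xss_php_self.php and the attacker inputs are constructed for the demo; run it with php from the command line.

```php
<?php
declare(strict_types=1);

// Added example, not bWAPP's or phpMyAdmin's own code. Models a page like
// bWAPP's xss_php_self.php: a form whose action is $_SERVER['PHP_SELF'] and
// which reflects the submitted names. All inputs below are constructed.

/**
 * Vulnerable rendering: PHP_SELF and the submitted names go into the HTML raw.
 * PHP_SELF includes any extra path segment (PATH_INFO) the client appended to
 * the script URL, so the client controls part of the action attribute.
 */
function renderVulnerable(string $phpSelf, string $firstname, string $lastname): string
{
    $html  = '<form action="' . $phpSelf . '" method="post">';
    $html .= '<input name="firstname" value="' . $firstname . '">';
    $html .= '<input name="lastname" value="' . $lastname . '">';
    $html .= '<button type="submit">Go</button></form>';
    if ($firstname !== '' || $lastname !== '') {
        $html .= '<p>Welcome ' . $firstname . ' ' . $lastname . '</p>';
    }
    return $html;
}

/** HTML output encoding for both text and double-quoted attribute contexts. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Hardened rendering: the action is a server-chosen path (basename of
 * SCRIPT_NAME, which never carries PATH_INFO, instead of PHP_SELF) and every
 * untrusted value is encoded for the context it lands in.
 */
function renderHardened(string $scriptName, string $firstname, string $lastname): string
{
    $action = basename($scriptName);
    $html  = '<form action="' . h($action) . '" method="post">';
    $html .= '<input name="firstname" value="' . h($firstname) . '">';
    $html .= '<input name="lastname" value="' . h($lastname) . '">';
    $html .= '<button type="submit">Go</button></form>';
    if ($firstname !== '' || $lastname !== '') {
        $html .= '<p>Welcome ' . h($firstname) . ' ' . h($lastname) . '</p>';
    }
    return $html;
}

/** Crude check used only by this demo: does a raw <script tag survive into the output? */
function containsRawScript(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// Constructed attacker inputs (not captured traffic).
// 1. PHP_SELF as PHP populates it when the request path continues after the
//    script name: the quote closes the action attribute, the > closes the tag,
//    a script tag follows, and the trailing <x y=" swallows the leftover quote
//    so the rest of the markup still parses. No form field is submitted at all.
$attackerPhpSelf = '/bWAPP/xss_php_self.php/"><script>alert(1)</script><x y="';
// 2. The payload from the walkthrough, submitted as the first name.
$attackerName = '<script>alert(1)</script>';
// SCRIPT_NAME for the same page; it never includes the appended path segment.
$scriptName = '/bWAPP/xss_php_self.php';

$vulnerable = renderVulnerable($attackerPhpSelf, $attackerName, 'Doe');
$hardened   = renderHardened($scriptName, $attackerName, 'Doe');

echo "--- vulnerable ---\n", $vulnerable, "\n";
echo "--- hardened ---\n", $hardened, "\n";
printf("vulnerable output contains raw <script>: %s\n", containsRawScript($vulnerable) ? 'yes' : 'no');
printf("hardened output contains raw <script>:   %s\n", containsRawScript($hardened) ? 'yes' : 'no');
```

In the vulnerable output the injected script appears twice, once from the action attribute and once from the reflected name; in the hardened output both payloads are rendered as literal text (&lt;script&gt;) and the action no longer contains anything the client sent. Encoding on output with the right flags is what closes the hole; filtering the word "script" on input would not, because the attacker can break out of the attribute with a bare quote and use any other tag or event handler.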

Whenever you develop a web application, follow the OWASP guidelines, in particular the OWASP Cross Site Scripting Prevention Cheat Sheet.

That way you at least reduce the common vulnerabilities in your websites.

For more information:

1. OWASP Foundation

I hope you guys like this post-bye bye for now.

Happy Hacking :)
