CVE-2010-4480

phpMyAdmin < 3.4.0-beta1 - Cross-Site Scripting via BBcode Tag

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4480. PoCs published by emgent white_sheep & scox.

AI-analyzed exploit summary This exploit demonstrates a client-side code injection and redirect vulnerability in phpMyAdmin's error.php. It leverages BBCode-like tags to inject malicious links, redirecting users to arbitrary URLs.

Description

error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".

Exploits (1)

exploitdb WORKING POC VERIFIED

by emgent white_sheep & scox · textwebappsphp

https://www.exploit-db.com/exploits/15699

View Code ZIP pw:eip

This exploit demonstrates a client-side code injection and redirect vulnerability in phpMyAdmin's error.php. It leverages BBCode-like tags to inject malicious links, redirecting users to arbitrary URLs.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: phpMyAdmin (version not specified)

No auth needed

Prerequisites: Access to phpMyAdmin error.php page

MITRE ATT&CK