Release date:
Updated on:
Affected Systems:
PhpLDAPadmin 1.2.2
Unaffected system:
PhpLDAPadmin 2.0
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 51793
CVE ID: CVE-2012-0834
PhpLDAPadmin is a web-based LDAP client that allows you to conveniently manage LDAP servers.
A reflected cross-site scripting vulnerability exists in the phpLDAPadmin implementation: a query parameter of cmd.php is echoed into the page without being HTML-encoded. Attackers can exploit this to execute arbitrary script code in the context of the affected site and steal cookie credentials.
<* Source: andsarmiento
Link: http://www.securityfocus.com/archive/1/521450
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use at your own risk!
http://www.example.com/phpldapadmin/htdocs/cmd.php?cmd=query_engine&server_id=1&query=none&format=list&showresults=na&base=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&scope=sub&filter=objectClass%3D*&display_attrs=cn%2C+sn%2C+uid%2C+postalAddress%2C+telephoneNumber&orderby=&size_limit=50&search=Search
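The test URL above carries its payload URL-encoded in the base parameter of cmd.php, so a reflected-XSS attempt of this kind is visible in ordinary web-server access logs once the query string is decoded. The following detection script is an added example written for this advisory; it is not code from the advisory or from the phpLDAPadmin project. It parses Apache combined-format log lines (the three sample lines are constructed, and use the advisory's encoded payload), URL-decodes every cmd.php query parameter a bounded number of times so that double-encoded payloads are also caught, and reports any parameter whose decoded value contains HTML or JavaScript markup, which should never appear in an LDAP base DN, filter or attribute list.

```python
"""Scan web-server access logs for reflected-XSS attempts against phpLDAPadmin cmd.php."""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample lines in Apache "combined" format. Line 1 carries the
# encoded <script> payload from the advisory's test URL in the "base"
# parameter, line 2 is a normal search, line 3 double-encodes the same payload.
SAMPLE_LOG = """\
203.0.113.5 - - [07/Feb/2012:10:15:32 +0000] "GET /phpldapadmin/htdocs/cmd.php?cmd=query_engine&server_id=1&query=none&format=list&showresults=na&base=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&scope=sub&filter=objectClass%3D*&search=Search HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - admin [07/Feb/2012:10:16:01 +0000] "GET /phpldapadmin/htdocs/cmd.php?cmd=query_engine&server_id=1&base=dc%3Dexample%2Cdc%3Dcom&scope=sub&filter=objectClass%3D*&search=Search HTTP/1.1" 200 8810 "-" "Mozilla/5.0"
203.0.113.5 - - [07/Feb/2012:10:17:45 +0000] "GET /phpldapadmin/htdocs/cmd.php?cmd=query_engine&server_id=1&base=%253Cscript%253Ealert%25281%2529%253C%252Fscript%253E&scope=sub HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Minimal parser for the combined log format: client IP, timestamp, method,
# request target and status code are all we need for this check.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# HTML/JS markup that has no legitimate place in an LDAP base DN, filter or
# attribute list: opening/closing tags, javascript: URLs, inline event handlers.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]|javascript\s*:|\bon[a-z]+\s*=", re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly (bounded) so double-encoded payloads are not missed."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(target):
    """Return {param: decoded value} for query parameters whose value contains markup."""
    query = urlsplit(target).query
    hits = {}
    for name, raw in parse_qsl(query, keep_blank_values=True):
        value = fully_decode(raw)  # parse_qsl decoded once; catch further layers
        if MARKUP_RE.search(value):
            hits[name] = value
    return hits


def find_xss_attempts(log_text, path_suffix="/cmd.php"):
    """Scan access-log text; report requests to cmd.php whose parameters carry markup."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        target = m.group("target")
        if not urlsplit(target).path.endswith(path_suffix):
            continue
        for param, value in suspicious_params(target).items():
            findings.append({
                "ip": m.group("ip"),
                "time": m.group("time"),
                "param": param,
                "value": value,
            })
    return findings


if __name__ == "__main__":
    # Reports line 1 and line 3 (both on "base"); the normal search is silent.
    for f in find_xss_attempts(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} param={f['param']!r} value={f['value']!r}")
```

The check is deliberately parameter-agnostic: the advisory's payload sits in base, but the same rule flags markup in any cmd.php parameter, so it remains useful while the vendor patch is being rolled out. Run it against a real log by passing the file contents to find_xss_attempts; a hit on a host that still runs 1.2.2 is the event to investigate.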
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
PhpLDAPadmin
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://phpldapadmin.sourceforge.net/