
Re: Analysis of issue for phpmyadmin and request for comment on XSS issues



On Sun, 2016-06-26 at 23:47 +0200, Ola Lundqvist wrote:
> Hi LTS team
> 
> I have done some analysis of the issues for phpmyadmin.
> 
> It would be good to know what your opinion about XSS issues for admin
> software like phpmyadmin is. I do not see how that can be very important. I
> mean you know the URL and do not really use external links for accessing it.
> Or does anyone have another opinion?
[...]

So long as JavaScript is enabled, there are many ways for a rogue site
to generate HTTP requests to another site, and to obscure where a link
really leads.  Not many DBAs are going to turn JavaScript off *and*
check every link target before following it.

However, I think XSS issues are generally treated as not meriting a
DSA/DLA by themselves.

Ben.

-- 

Ben Hutchings
Humour is the best antidote to reality.
