https://www.exploit-db.com/exploits/25155
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200502-092

phpMyAdmin就是一种MySQL数据库的管理工具。phpMyAdmin2.6.1中的跨站脚本攻击漏洞，可让远程攻击者通过以下方式注入任意HTML和Web脚本：(1)select_server.lib.php中的strServer、cfg[BgcolorOne]或strServerChoice参数，(2)display_tbl_links.lib.php中的bg_colororrow_no参数、theme_left.css.php中的left_font_family参数或theme_right.css.php中的right_font_family参数。

source: http://www.securityfocus.com/bid/12644/info
   
Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.
   
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

http://www.example.com/phpMyAdmin/themes/original/css/theme_right.css.php?right_font_family=[XSS]

来源:XF
名称:phpmyadmin-multiple-php-xss(19462)
链接:http://xforce.iss.net/xforce/xfdb/19462
来源:BID
名称:12644
链接:http://www.securityfocus.com/bid/12644
来源:GENTOO
名称:GLSA-200503-07
链接:http://www.gentoo.org/security/en/glsa/glsa-200503-07.xml
来源:SECUNIA
名称:14382
链接:http://secunia.com/advisories/14382
来源:BUGTRAQ
名称:20050224[SECURITYREASON.COM]phpMyAdmin2.6.1RemotefileinclusionandXSScXIb8O3.4
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=110929725801154&w;=2