ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
0004857 | [phpmyadmin] upgrade | major | always | 2011-11-07 21:34 | 2011-11-09 09:09 | ||
Reporter | bwalton | View Status | public | ||||
Assigned To | bonivart | ||||||
Priority | high | Resolution | fixed | Platform | |||
Status | closed | OS | |||||
Projection | none | OS Version | |||||
ETA | none | Product Build | |||||
Summary | 0004857: Exploit in the wild for phpmyadmin | ||||||
Description |
Hi Peter,
There is an in the wild exploit for phpmyadmin right now:
http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php
Time for an upgrade (and likely a notice on users@/announce@?)
Thanks
-Ben |
Steps To Reproduce | |||||||
Additional Information |
From our local security team: "GET /phpmyadmin/index.php?session_to_unset=" followed by a few variables/values, and quite a bit of encoded attack code. That should tell you if you were attacked (but not if the attacks were successful). The attack will likely drop a backdoor on your system. Look for a subsequent successful connection to the backdoor to determine if you've been hacked. |
Tags | No tags attached. | ||||||
Attached Files | |||||||
Notes | |
(0009392) bonivart (developer) 2011-11-08 09:17 |
Luckily I had 3.4.5 sitting in experimental so I just uploaded it to unstable. |
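The log check quoted under Additional Information, as an added example (not part of the original issue or of any project code): it flags requests carrying a `session_to_unset` parameter and, as a heuristic for the "subsequent successful connection", 2xx requests for paths that first appear after the first probe. The combined access-log layout, the `triage` name and every sample line are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" access-log layout (assumed; adjust for a custom LogFormat).
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def triage(lines):
    """Return (probes, followups) as lists of (line_no, ip, path, status).

    probes:    requests whose query string carries a session_to_unset parameter.
    followups: 2xx requests logged after the first probe for a path that was
               never requested before it (heuristic for a newly dropped file).
    """
    probes, followups, seen_before = [], [], set()
    for no, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue  # not in the assumed format: skip rather than guess
        url = urlsplit(m["target"])
        hit = (no, m["ip"], url.path, int(m["status"]))
        # parse_qs percent-decodes names, so session%5Fto%5Funset is caught too.
        if "session_to_unset" in parse_qs(url.query, keep_blank_values=True):
            probes.append(hit)
            seen_before.add(url.path)  # the probed script itself is not "new"
        elif not probes:
            seen_before.add(url.path)  # baseline of paths used before any probe
        elif url.path not in seen_before and 200 <= hit[3] < 300:
            followups.append(hit)
    return probes, followups

# Constructed sample log (documentation-range addresses, placeholder values).
SAMPLE = [
    '198.51.100.7 - - [07/Nov/2011:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "-"',
    '192.0.2.10 - - [07/Nov/2011:10:02:13 +0000] "GET /phpmyadmin/index.php?session_to_unset=1&a=CONSTRUCTED HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.10 - - [07/Nov/2011:10:02:14 +0000] "GET /pma/index.php?session%5Fto%5Funset=1 HTTP/1.1" 404 210 "-" "-"',
    '198.51.100.7 - - [07/Nov/2011:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "-"',
    '203.0.113.5 - - [07/Nov/2011:10:05:40 +0000] "GET /uploads/constructed-name.php HTTP/1.1" 200 17 "-" "-"',
    '203.0.113.5 - - [07/Nov/2011:10:05:41 +0000] "GET /missing.php HTTP/1.1" 404 210 "-" "-"',
]

if __name__ == "__main__":
    probes, followups = triage(SAMPLE)
    for label, hits in (("probe", probes), ("follow-up", followups)):
        for no, ip, path, status in hits:
            print(f"{label}: line {no} {ip} {path} -> {status}")
```

A probe hit only shows an attempt; the follow-up list is a starting point for review and will include legitimate new pages on a busy site.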