|
Mantis - phpmyadmin
|
|||||
| Viewing Issue Advanced Details | |||||
|
|
|||||
| ID: | Category: | Severity: | Reproducibility: | Date Submitted: | Last Update: |
| 4857 | upgrade | major | always | 2011-11-07 21:34 | 2011-11-09 09:09 |
|
|
|||||
| Reporter: | bwalton | Platform: | |||
| Assigned To: | bonivart | OS: | |||
| Priority: | high | OS Version: | |||
| Status: | closed | Product Version: | |||
| Product Build: | Resolution: | fixed | |||
| Projection: | none | ||||
| ETA: | none | Fixed in Version: | |||
|
|
|||||
| Summary: | 0004857: Exploit in the wild for phpmyadmin | ||||
| Description: |
Hi Peter, There is an in the wild exploit for phpmyadmin right now: http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php [^] http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php [^] Time for an upgrade (and likely a notice on users@/announce@?) Thanks -Ben |
||||
| Steps To Reproduce: | |||||
| Additional Information: |
From our local security team: "GET /phpmyadmin/index.php?session_to_unset=" followed by a few variables/values, and quite a bit of encoded attack code. That should tell you if you were attacked (but not if the attacks were successful). The attack will likely drop a backdoor on your system. Look for a subsequent successful connection to the backdoor to determine if you've been hacked. |
||||
| Relationships | |||||
| Attached Files: | |||||
|
|
|||||
| Issue History | |||||
| Date Modified | Username | Field | Change | ||
| 2011-11-07 21:34 | bwalton | New Issue | |||
| 2011-11-08 09:02 | bonivart | Status | new => assigned | ||
| 2011-11-08 09:02 | bonivart | Assigned To | => bonivart | ||
| 2011-11-08 09:17 | bonivart | Note Added: 0009392 | |||
| 2011-11-09 09:09 | bonivart | Status | assigned => closed | ||
| 2011-11-09 09:09 | bonivart | Resolution | open => fixed | ||
| Notes | |||||
|
|
|||||
|
|
||||