Just as usual, I started this day by reading hackers webzine (http://www.0x000000.com/). And what I read today is kinda shocking. Since I've been using PhpMyAdmin for years, I have never noticed that such big vulnerabilities existed in PhpMyAdmin itself. Here's the full excerpt, taken from http://www.0x000000.com/?i=587:
OK, I could not resist posting this.
I played around with PhpMyAdmin a moment ago, and I never gave it much thought since it bores me too quickly. But this is kind of interesting. I have two different instances of PhpMyAdmin running for testing purposes. It is interesting to see that almost nobody understands CSRF and its capabilities, including those PhpMyAdmin developers. I mean, this stuff is hilarious. First off, when you sign in to PhpMyAdmin it looks like it sets a token, because it says:
foo.php?token=md5thingy
Secure, right?
Well, I am not sure what they are doing there, but removing the token doesn't make any difference. It just continues to work. So I emptied the cookie; well, to no avail, I am still logged into it. This means it uses a plain PHP session; this way it's vulnerable to CSRF and I can do anything at will if someone visits my special webpage and is still logged into PhpMyAdmin.
But of course, it gets worse.
How about truncating a table, or just dropping a table through CSRF? It only requires the victim to be logged into his PhpMyAdmin or still sit in the 24 minute PHP session timezone. We can craft a special page that submits itself in an Iframe. But the most shocking thing is that PhpMyAdmin sets the query to truncate a table inside a form field. This is done this way:
Ugh. So this means I can add anything I like there? Of course we can:
Since a standard PHP session usually lasts 24 minutes, attackers can hack anyone even after you close your PhpMyAdmin session. Much more is possible, and probably very fancy stuff. Yes, you need to know the table name in order to pull this off, but how about making 200 hidden Iframes in our victim page that guess the table names? Or just reload the Iframe with different table names for about 5 minutes if you do not know the table name? I am sure that one will be the right one! And I would not be surprised if you could use GET also.
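The failure the excerpt describes, a request that is still accepted once the token is removed, is avoided by a token check that fails closed and by refusing state changes over GET. The following is an added example, not part of the quoted post and not phpMyAdmin's own code; the function names, the csrf_token session key and the sample session are assumptions made for illustration.

```php
<?php
// Added example, not phpMyAdmin code; names and the 'csrf_token' key are hypothetical.
// Create the per-session token once and return it.
function issue_csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}
// True only if the request carries the token stored in this session.
function csrf_token_valid(array $session, array $request): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $request['token'] ?? '';
    // A missing, empty or non-string token fails closed.
    if (!is_string($expected) || !is_string($supplied) || $expected === '' || $supplied === '') {
        return false;
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Gate for a state-changing action: the session cookie alone is never enough.
function handle_state_change(array $session, string $method, array $request): int
{
    if (empty($session['user'])) {
        return 401; // not logged in
    }
    if ($method !== 'POST') {
        return 405; // no state changes over GET
    }
    if (!csrf_token_valid($session, $request)) {
        return 403; // valid session, token missing or wrong
    }
    return 200; // caller may now perform the action
}

// Constructed sample data: one logged-in session and four requests.
$session = ['user' => 'alice'];
$token = issue_csrf_token($session);
$cases = [
    'token removed' => ['POST', []],
    'wrong token'   => ['POST', ['token' => str_repeat('0', 64)]],
    'correct token' => ['POST', ['token' => $token]],
    'correct, GET'  => ['GET', ['token' => $token]],
];
foreach ($cases as $label => [$method, $request]) {
    printf("%-14s => %d\n", $label, handle_state_change($session, $method, $request));
}
```

Only the request that is a POST and carries the session's own token reaches the action; the other three are rejected even though the session itself is valid.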
CSRF and Sql Injection vulnerabilities on PhpMyAdmin is posted on June 5th, 2008 by admin. This post is filed under: Security, Tutorial, exploits, secInfo, tutorials.