As usual, I started this day by reading hackers webzine (http://www.0x000000.com/). And what I read today is kinda shocking. Since I’ve been using PhpMyAdmin for years, I have never noticed such big vulnerabilities ever existed in PhpMyAdmin itself.
Here’s the full excerpt, taken from http://www.0x000000.com/?i=587:
OK, I could not resist posting this.
I played around with PhpMyAdmin a moment ago, and I never gave it much thought since it bores me too quickly. But this is kind of interesting. I have two different instances of PhpMyAdmin running for testing purposes. It is interesting to see that almost nobody understands CSRF and its capabilities, including those PhpMyAdmin developers. I mean, this stuff is hilarious. First off, when you sign in to PhpMyAdmin it looks like it sets a token, because it says:
foo.php?token=md5thingy
Secure, right?
Well, I am not sure what they are doing there, but removing the token doesn’t make any difference. It just continues to work. So I emptied the cookie; well, to no avail, I am still logged into it. This means it uses a plain PHP session; this way it’s vulnerable to CSRF and I can do anything at will if someone visits my special webpage and is still logged into PhpMyAdmin.
But of course, it gets worse.
How about truncating a table, or just dropping a table through CSRF? It only requires the victim to be logged into his PhpMyAdmin or still sit in the 24-minute PHP session timezone. We can craft a special page that submits itself in an Iframe. But the most shocking thing is that PhpMyAdmin sets the query to truncate a table inside a form field. This is done this way:
Ugh. So this means I can add anything I like there? Of course we can:
Since a standard PHP session usually lasts 24 minutes, attackers can hack anyone even after you close your PhpMyAdmin session. Much more is possible, and probably very fancy stuff. Yes, you need to know the table name in order to pull this off, but how about making 200 hidden Iframes in our victim page that guess the table names? Or just reload the Iframe with different table names for about 5 minutes if you do not know the table name? I am sure that one will be the right one! And I would not be surprised if you could use GET also.
CSRF and Sql Injection vulnerabilities on PhpMyAdmin is posted on June 5th, 2008 by admin. This post is filed under: Security, Tutorial, exploits, secInfo, tutorials .
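The token check the excerpt found missing, as an added example (not code from phpMyAdmin or from the quoted author): a hypothetical PHP handler that ignores the URL token, beside one that verifies it against the session. The function names, the `token` and `query` field names and the sample requests are assumptions made for illustration.

```php
<?php
// Added example with hypothetical names; not phpMyAdmin code.

// One random token per session, embedded in every form and link the app renders.
function issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Behaviour the excerpt describes: the session alone authorises the request,
// so a token in the URL changes nothing.
function handle_session_only(array $session, array $request): string
{
    return empty($session['user']) ? 'denied: not logged in' : 'executed';
}

// Hardened: every state-changing request (POST or GET) must carry the session's token.
function handle_with_token(array $session, array $request): string
{
    if (empty($session['user'])) {
        return 'denied: not logged in';
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $request['token'] ?? '';
    // is_string() rejects token[]=x arrays; hash_equals() compares in constant time.
    if ($expected === '' || !is_string($supplied) || !hash_equals($expected, $supplied)) {
        return 'denied: missing or wrong token';
    }
    return 'executed';
}

// Constructed sample data: one logged-in session and three requests against it.
$session = ['user' => 'admin'];
$token = issue_token($session);
$requests = [
    'own form, token present' => ['query' => '<statement>', 'token' => $token],
    'token removed' => ['query' => '<statement>'],
    'wrong token' => ['query' => '<statement>', 'token' => str_repeat('0', 64)],
];
foreach ($requests as $label => $request) {
    printf("%-24s session-only: %-9s with-token: %s\n", $label,
        handle_session_only($session, $request), handle_with_token($session, $request));
}
```

Run from the command line, the session-only handler executes all three requests, while the token-checking handler executes only the first.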