Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: phpMyAdmin server_privileges.php SQL Injection Vulnerabilities.
From: michal () cihar com
Date: 19 Dec 2005 08:50:18 -0000

Hi

There is no vulnerability in this - user needs to be logged in. You can do same (without messing SQL injection) by 
directly passing SQL statements to import.php or sql.php. Yes phpMyAdmin allows to execute queries to authenticated 
users, but it's main task of this program and can not be considered as vulnerability.

Michal


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]