Home page logo

bugtraq logo Bugtraq mailing list archives

about phpMyAdmin's server_privileges.php announced vulnerability
From: Marc Delisle <Marc.Delisle () cegepsherbrooke qc ca>
Date: Mon, 19 Dec 2005 13:17:15 -0500

phpMyAdmin's team answer to vulnerability announcement
of Dec 17, 2005
[ http://www.securityfocus.com/archive/1/419709/30/0/threaded ]

We don't think that this is a real threat. The server_privileges.php script checks at the beginning if the user is privileged. So, for this attack to work, the victim's phpMyAdmin installation would have to be set as to allow any user to auto-login as a privileged user! If this is the case, this phpMyAdmin installation is wide open and this situation has to be fixed by the person who configured phpMyAdmin.

Marc Delisle, for the team

  By Date           By Thread  

Current thread:
  • about phpMyAdmin's server_privileges.php announced vulnerability Marc Delisle (Dec 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]