Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: phpmyadmin compromised?
From: Benji <me () b3nji com>
Date: Mon, 19 Nov 2012 16:48:14 +0000

.. could you have provided any less information? why dont you look through
your code instead of emailing a screenshot to a mailing list? really?


On Mon, Nov 19, 2012 at 4:47 PM, Benji <me () b3nji com> wrote:

.. coul


On Mon, Nov 19, 2012 at 4:45 PM, Lucio Crusca <lucio () sulweb org> wrote:

Hello *,

I've setup my browser to remember login & password at my server phpmyadmin
login page. It usually fills the two fields correctly, but today it showed
this crap instead:


http://img208.imagevenue.com/img.php?image=38933_php_myadmin_compromised_122_430lo.jpg

Since I've already suffered a security breach through phpmyadmin in the
past, I immediately suspected another one. Please note that phpmyadmin is
shielded by http digest authentication since the previous accident.

Are you aware of any security problems related to phpmyadmin (or to
Iceweasel 10 for that matter) that can cause such garbage on the login
page?

Thanks in advance
Lucio.




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]