Re: phpmyadmin compromised?

["H. Kurth Bemis" <kurth () kurthbemis com>]

This.

As I recall this happened after changing the "Secret Key".  I've also
see this happen after a major upgrade, likely due to the same reason.

Best of luck,
~k

On Mon, 2012-11-19 at 17:51 +0100, Christian Sciberras wrote:
> That is not a compromise. It is related to a change in encoding.
> Please clear your cookies and try again.
>
> (I've had this exact problem in the past, but I don't remember the details)
>
>
> Chris.
>
>
> On Mon, Nov 19, 2012 at 5:48 PM, Benji <me () b3nji com> wrote:
>
> > .. could you have provided any less information? why dont you look through
> > your code instead of emailing a screenshot to a mailing list? really?
> >
> >
> > On Mon, Nov 19, 2012 at 4:47 PM, Benji <me () b3nji com> wrote:
> >
> > > .. coul
> > >
> > >
> > > On Mon, Nov 19, 2012 at 4:45 PM, Lucio Crusca <lucio () sulweb org> wrote:
> > >
> > > > Hello *,
> > > >
> > > > I've setup my browser to remember login & password at my server
> > > > phpmyadmin
> > > > login page. It usually fills the two fields correctly, but today it
> > > > showed
> > > > this crap instead:
> > > >
> > > >
> > > > http://img208.imagevenue.com/img.php?image=38933_php_myadmin_compromised_122_430lo.jpg
> > > >
> > > > Since I've already suffered a security breach through phpmyadmin in the
> > > > past, I immediately suspected another one. Please note that phpmyadmin is
> > > > shielded by http digest authentication since the previous accident.
> > > >
> > > > Are you aware of any security problems related to phpmyadmin (or to
> > > > Iceweasel 10 for that matter) that can cause such garbage on the login
> > > > page?
> > > >
> > > > Thanks in advance
> > > > Lucio.
> > > >
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > Hosted and sponsored by Secunia - http://secunia.com/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> That is not a compromise. It is related to a change in encoding.
> Please clear your cookies and try again.
>
>
> (I've had this exact problem in the past, but I don't remember the
> details)
>
>
>
>
> Chris.
>
>
> On Mon, Nov 19, 2012 at 5:48 PM, Benji <me () b3nji com> wrote:
>         .. could you have provided any less information? why dont you
>         look through your code instead of emailing a screenshot to a
>         mailing list? really?
>         
>         
>         On Mon, Nov 19, 2012 at 4:47 PM, Benji <me () b3nji com> wrote:
>                 .. coul
>                 
>                 
>                 On Mon, Nov 19, 2012 at 4:45 PM, Lucio Crusca
>                 <lucio () sulweb org> wrote:
>                         Hello *,
>                         
>                         I've setup my browser to remember login &
>                         password at my server phpmyadmin
>                         login page. It usually fills the two fields
>                         correctly, but today it showed
>                         this crap instead:
>                         
>                         http://img208.imagevenue.com/img.php?image=38933_php_myadmin_compromised_122_430lo.jpg
>                         
>                         Since I've already suffered a security breach
>                         through phpmyadmin in the
>                         past, I immediately suspected another one.
>                         Please note that phpmyadmin is
>                         shielded by http digest authentication since
>                         the previous accident.
>                         
>                         Are you aware of any security problems related
>                         to phpmyadmin (or to
>                         Iceweasel 10 for that matter) that can cause
>                         such garbage on the login page?
>                         
>                         Thanks in advance
>                         Lucio.
>                         
>                         
>                         
>                         
>                         _______________________________________________
>                         Full-Disclosure - We believe in it.
>                         Charter:
>                         http://lists.grok.org.uk/full-disclosure-charter.html
>                         Hosted and sponsored by Secunia -
>                         http://secunia.com/
>                 
>                 
>         
>         
>         
>         _______________________________________________
>         Full-Disclosure - We believe in it.
>         Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>         Hosted and sponsored by Secunia - http://secunia.com/
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/