
This is a discussion on phpMyAdmin 2.11.1.2 is released in the Open Discussion & Chit-chat forum

  1. #1
    Vin DSL
    Join Date: Mar 2003
    Location: Arizona Uplands
    Posts: 10,775

    phpMyAdmin 2.11.1.2 is released

    I don't know how many of you are running your own installs of phpMyAdmin, but there has been a recent spattering of security problems.

    Better get phpMyAdmin 2.11.1.2 ASAP!

    http://www.phpmyadmin.net/home_page/index.php

    BTW, these are XSS issues (the worst kind IMHO) and should NOT be ignored!!!

    EXAMPLE - SOURCE

    Type-1 attack
    1. Alice often visits a particular website, which is hosted by Bob. Bob's website allows Alice to log in with a username/password pair and store sensitive information, such as billing information.

    2. Mallory observes that Bob's website contains a reflected XSS vulnerability.

    3. Mallory crafts a URL to exploit the vulnerability, and sends Alice an email, making it look as if it came from Bob (i.e. the email is spoofed).

    4. Alice visits the URL provided by Mallory while logged into Bob's website.

    5. The malicious script embedded in the URL executes in Alice's browser, as if it came directly from Bob's server. The script steals sensitive information (authentication credentials, billing info, etc.) and sends this to Mallory's web server without Alice's knowledge.
    Last edited by Vin DSL; 10-20-2007 at 12:50 PM.
    DISCLAIMER Any resemblance between the views expressed above and those of the owners and operators of this system is purely coincidental. Any resemblance between these views and my own are non-deterministic. The existence of Vin DSL is questionable. The existence of views in the absence of anyone to hold them is problematic. The existence of the reader is left as an exercise in the second-order coefficient.

    No Guts, No Story! VinDSL © 2010
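
Added example, not part of the original post and not phpMyAdmin code: a minimal model of the reflected ("Type-1") case above, showing where output encoding stops the URL parameter from being interpreted as markup, and a self-check a site owner can run against a handler. The page template, the `q` parameter, the `bob.example` URL and all function names are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs, quote

# Constructed page for "Bob's website": the hypothetical "q" parameter is
# reflected twice, once inside an attribute value and once in element text.
TEMPLATE = ('<form><input name="q" value="{q}"></form>\n'
            '<p>Results for: {q}</p>')

def _param(url):
    """Return the decoded value of the q parameter from a request URL."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True).get("q", [""])[0]

def render_vulnerable(url):
    # Reflected as-is: whatever the URL carries becomes part of the HTML.
    return TEMPLATE.format(q=_param(url))

def render_text_only_escape(url):
    # Common partial fix: & < > are encoded, quote characters are not.
    return TEMPLATE.format(q=html.escape(_param(url), quote=False))

def render_hardened(url):
    # Encodes & < > " ' so the value stays data in both contexts.
    return TEMPLATE.format(q=html.escape(_param(url), quote=True))

# Inert marker: a double quote plus a harmless tag, no script content.
PROBE = 'probe"<b>'

def audit(render, base="https://bob.example/search"):
    """Return the contexts in which the reflected marker kept its HTML meaning."""
    body = render(base + "?q=" + quote(PROBE))
    findings = []
    if 'value="probe"' in body:   # the quote closed the attribute early
        findings.append("attribute")
    if "<b>" in body:             # the tag reached the page as markup
        findings.append("element")
    return findings

if __name__ == "__main__":
    for fn in (render_vulnerable, render_text_only_escape, render_hardened):
        print(fn.__name__, audit(fn))
```

The partial fix still fails in the attribute context, which is why the encoding has to match every place the value is written into the page.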
