hacker?

hmm,

kommt wohl auf das Script an ob man das Missbrauchen kann und dann kannste ja mal auf den Securityseiten schaun welche Version wie sicher ist von MySQL.

Hm, eine der älteren phpMyAdmin 2.0 Versionen hat eine Sicherheitslücke, soweit ich mich erinnern kann...

das ist die neuste version! ich verstehe das auch nicht. ich hab erstmal schlund beauftragt mir alle bewegungen auf der page zu ermitteln. mal sehen, was die finden. danke leutz

Neben einem Hackerangriff auf mySQL oder einem Fehler der fleisigen Coder von phpmyadmin könnte auch dies eine Ursache sein ??? :

Fatal error: Call to undefined function: close.schmalle() in php-resource.de/forumindex.php on line 100265


Büdde nicht haun....

@kaffi .... *grummel*

ich habe noch immer kein plan, wie das passieren konnte.

You are running a version of MySQL which is
older than (or as old as) version 3.22.29

If you have not patched this version, then
any attacker who knows a valid username can
access your tables without having to enter any
valid password.

Risk factor : High
Solution : Upgrade to a newer version, or
edit the file mysql-xxx/sql/password.c, and
search for the 'while(*scrambled)' loop. In front
of it, add : 'if(strlen(scrambled) != strlen(to))return 1'

http://cgi.nessus.org/cve.php3?cve=CVE-2000-0148

vulnerable
phpMyAdmin phpMyAdmin 2.0
phpMyAdmin phpMyAdmin 2.0.1
phpMyAdmin phpMyAdmin 2.0.2
phpMyAdmin phpMyAdmin 2.0.3
phpMyAdmin phpMyAdmin 2.0.4
phpMyAdmin phpMyAdmin 2.0.5
phpMyAdmin phpMyAdmin 2.1.2
phpMyAdmin phpMyAdmin 2.1.1
phpMyAdmin phpMyAdmin 2.1

NOT vulnerable
phpMyAdmin phpMyAdmin 2.2.2

phpMyAdmin is a freely available tool that provides a WWW interface for handling MySQL adminstrative tasks.

An input validation error exists in phpMyAdmin that could allow remote users to cause arbitrary commands to be executed by the PHP interpreter at runtime. This may result in the disclosure of sensitive information or the execution of arbitrary code on a host running the software.

No authentication mechanisms are enabled with default installations of phpMyAdmin.

Solution: Upgrade phpMyAdmin to phpMyAdmin 2.2.2

Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability

object mod_auth_mysql class Input Validation Error

'mod_auth_mysql' is an authentication module required by Apache server to make use of database-based authentication using MySQL.

This authentication module for Apache is prone to a vulnerability which will allow SQL queries to be manipulated via a HTTP request. Data that is included in SQL query strings is not adequately sanitized. It may be possible for malicious users to modify the structure of SQL queries.

It should be noted that this module does not allow for multiple queries to be sent. This effectively restricts exploitation to the query the module is already performing.

This issue allows the user to access resources that would normally be restricted, which may in turn provide an opportunity for the attacker to exploit other vulnerabilities that exist in the server.

It should be noted that Zeev Suraski's mod_auth_mysql 2.20 is not vulnerable.

SOLUTIONS:
Vivek Khera mod_auth_mysql 1.9:

Vivek Khera Upgrade mod_auth_mysql 1.10
Conectiva Upgrade 4.1 mod_auth_mysql-1.11-1U41_1cl.i386.rpm
Conectiva Upgrade 4.2 mod_auth_mysql-1.11-1U42_1cl.i386.rpm
Conectiva Upgrade 5.0 mod_auth_mysql-1.11-1U50_1cl.i386.rpm
Conectiva Upgrade 5.1 mod_auth_mysql-1.11-1U51_1cl.i386.rpm
Conectiva Upgrade 6.0 mod_auth_mysql-1.11-1U60_1cl.i386.rpm
Conectiva Upgrade 7.0 mod_auth_mysql-1.11-1U70_1cl.i386.rpm
SuSE Upgrade 7.2 i386 apache-contrib-1.0.9-94.i386.rpm
SuSE Upgrade 7.1 i386 apache-contrib-1.0.8-35.i386.rpm
SuSE Upgrade 7.1 SPARC apache-contrib-1.0.8-22.sparc.rpm
SuSE Upgrade 7.1 Alpha apache-contrib-1.0.8-23.alpha.rpm
SuSE Upgrade 7.1 PPC apache-contrib-1.0.8-22.ppc.rpm

WinMySQLadmin Plain Text Password Storage Vulnerability

vulnerable MySQL AB MySQL 3.23.x / MySQL AB WinMySQLadmin 1.1

A vunerability exists in WinMySQLadmin 1.1 that may result in the disclosure of sensitive authentication information for MySQL.

If a local user gained access to the 'my.ini' file, it is possible to retrieve configuration and authentication information for MySQL. The contents of this file are in plain text.

Solution: NONE

PHPMyAdmin File Inclusion Arbitrary Command Execution Vulnerability

vulnerable: phpMyAdmin phpMyAdmin 2.1

phpMyAdmin is a freely available, open source software package maintained by the phpMyAdmin Development Team. phpMyAdmin provides a graphical interface and friendly controls to MySQL.

A problem with the software package could allow arbitrary file inclusion. Due to the insufficient validation of input by the sql.php script, it is possible to supply an include file to the sql.php script, which will result in the code in the include file being executed. A remote user with knowledge of files on the local host, or the ability to upload an include file, may specify the file to be included in execution, which could result in code supplied include file being executed.

Therefore, it is possible for a remote user to supply an include file to the sql.php script, and execute arbitrary code.


Solution:
phpMyAdmin phpMyAdmin 2.1:

Secure Reality Patch 2.2.1 phpMyAdmin-SecureReality.diff
http://www.securereality.com.au/patc...reReality.diff

MySQL Root Operation Symbolic Link File Overwriting Vulnerability

vulnerable MySQL AB MySQL 3.20.32a
MySQL AB MySQL 3.23.34

A problem with the implementation of some MySQL databases may permit local users to overwrite sensitive system files. This problem affects MySQL implementations that run the database under the uid of root. By using a symbolic link in the /var/tmp directory, and linking it to a file that is write-accesible by root, a user can log into the database with their account, and create a table with a name corresponding to that of the symbolic link. The creation of the table will overwrite the linked file, and any data created within the table will be written to the file that has been symbolically linked. This is dependent entirely upon the attacker having a MySQL account with the "create table" privilege.

Therefore, it is possible for a local user to overwrite sensitive system files, and potentially gain elevated privileges, including administrative access.

Solution: MySQL AB Upgrade MySQL 3.23.36

wow @hand!

thanx for info!!!