News Feed
Jobs Feed
Sections




News Archive
Hardened-PHP Project:
Advisory - phpMyAdmin Multiple CSRF Vulnerabilities
by Chris Cornutt October 02, 2006 @ 09:51:00

The Hardened-PHP Project has issued another advisory today, this time effecting the popular database administration package phpMyAdmin.

During an audit of phpMyAdmin's protection against CSRF: Cross Site Request Forgeries we discovered that there were multiple ways to bypass the protection.

The failure of phpMyAdmin's CSRF protection obviously means that a potential attacker can use CSRF attacks to trick the browser of a phpMyAdmin user to execute any kind of SQL queries on the victims database server.

The advisory mentions the source of the problem - a random token that is in the user's session that could be exploited to gain unauthorized access to an account. Their recommendation is to update to the latest version of phpMyAdmin (2.9.0.1 as of the time of this post) to help resolve the issue.

0 comments voice your opinion now!
phpmyadmin csrf vulnerability multiple advisory phpmyadmin csrf vulnerability multiple advisory


blog comments powered by Disqus

Similar Posts

Paul Jones' Blog: New PDO Behavior In PHP 5.2.1

Jachim Coudenys: Using multiple databases in phpunit/dbunit with Composer

Sephiroth.it: Backup your batabases w/o phpmyadmin

Stefan Esser\'s Blog: DokuWiki remote PHP code injection

Community News: New phpMyAdmin Patch Released - 2.7.0-pl1


 Community Events









Don't see your event here?
Let us know!

language testing tool code api phpunit community example development release introduction object opinion zendframework2 unittest podcast composer database interview framework

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework