
Ars Technica:
Questions abound as malicious phpMyAdmin backdoor found on SourceForge site
September 26, 2012 @ 09:45:59

As Ars Technica reports, there was a recent exploit found on the SourceForge website's installation of phpMyAdmin that allowed an attacker to POST anything to the site to be executed.

Developers of phpMyAdmin warned users they may be running a malicious version of the open-source software package after discovering backdoor code was snuck into a package being distributed over the widely used SourceForge repository. The backdoor contains code that allows remote attackers to take control of the underlying server running the modified phpMyAdmin, which is a Web-based tool for managing MySQL databases. The PHP script is found in a file named server_sync.php, and it reads PHP code embedded in standard POST Web requests and then executes it. T

The backdoor was somehow snuck into the phpMyAdmin code on one of the mirrors and distributed to those downloading version 3.5.2.2. The developers think that the only tainted downloads were those from the "cdnetworks" mirror site. You can find out more about the issue in this advisory. Be sure to check your installation for a "server_sync.php" file and remove it if it exists.
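
The check recommended above, as an added example (not code from the article, Ars Technica or the phpMyAdmin advisory): a shell script that looks for server_sync.php under a web root and counts POST requests to it in an access log. The common/combined log layout, the output labels and the sample data built by make_sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article or the phpMyAdmin advisory.

# List every server_sync.php under $1; flag those that eval() request data.
# Exit status: 0 = none found, 1 = at least one file with that name exists.
find_server_sync() {
    hits=0
    list=$(mktemp) || return 2
    find "$1" -type f -name 'server_sync.php' > "$list" 2>/dev/null
    while IFS= read -r f; do
        hits=$((hits + 1))
        if grep -Eq 'eval[[:space:]]*\(.*\$_(POST|REQUEST)' "$f"; then
            printf 'EVAL-ON-REQUEST %s\n' "$f"
        else
            printf 'PRESENT %s\n' "$f"
        fi
    done < "$list"
    rm -f "$list"
    [ "$hits" -eq 0 ]
}

# Count POST requests to server_sync.php in a common/combined-format log
# (assumed layout: field 6 is the quoted method, field 7 the request path).
count_backdoor_posts() {
    awk '$6 == "\"POST" && $7 ~ /\/server_sync\.php(\?|$)/ { n++ }
         END { print n + 0 }' "$1"
}

# Build a constructed sample tree and log for a dry run; prints its path.
make_sample() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/www/pma" "$d/www/clean"
    # Marker text only (no <?php tag), so the fixture is inert.
    printf '%s\n' 'eval($_POST["c"]);' > "$d/www/pma/server_sync.php"
    printf '%s\n' '<?php echo "ok";' > "$d/www/clean/index.php"
    cat > "$d/access.log" <<'EOF'
192.0.2.10 - - [26/Sep/2012:09:45:59 +0000] "POST /pma/server_sync.php HTTP/1.1" 200 12
192.0.2.11 - - [26/Sep/2012:09:46:10 +0000] "GET /pma/index.php HTTP/1.1" 200 4096
192.0.2.10 - - [26/Sep/2012:09:47:02 +0000] "POST /pma/server_sync.php?x=1 HTTP/1.1" 200 7
EOF
    printf '%s\n' "$d"
}

# Usage: sh check.sh /path/to/webroot [/path/to/access.log]
if [ $# -gt 0 ]; then
    find_server_sync "$1" || echo "server_sync.php found: review and remove"
    if [ -n "$2" ]; then count_backdoor_posts "$2"; fi
fi
```

A non-zero count from the log means the file was not only present but was sent POST data, which changes the response from removing a file to treating the server as compromised.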



All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework