
Ars Technica:
Questions abound as malicious phpMyAdmin backdoor found on SourceForge site
September 26, 2012 @ 09:45:59

As Ars Technica reports, an exploit was recently found on the SourceForge website's installation of phpMyAdmin that allowed an attacker to POST anything to the site to be executed.

Developers of phpMyAdmin warned users they may be running a malicious version of the open-source software package after discovering backdoor code was snuck into a package being distributed over the widely used SourceForge repository. The backdoor contains code that allows remote attackers to take control of the underlying server running the modified phpMyAdmin, which is a Web-based tool for managing MySQL databases. The PHP script is found in a file named server_sync.php, and it reads PHP code embedded in standard POST Web requests and then executes it.

The backdoor was somehow snuck into the phpMyAdmin code on one of the mirrors and distributed to those downloading version 3.5.2.2. The developers think that the only tainted downloads were those served from the "cdnetworks" mirror site. You can find out more about the issue in this advisory. Be sure to check your installation for a "server_sync.php" file and remove it if it exists.
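
The check recommended above, as an added example (not part of the original post or the phpMyAdmin advisory): a shell function that looks for server_sync.php under a phpMyAdmin directory and, going slightly beyond the post, flags any PHP file that passes $_POST data to eval(). The eval() pattern is an assumption, since the backdoor's source is not shown on this page, and /var/www/phpmyadmin in the usage comment is a hypothetical path.

```shell
#!/bin/sh
# Added example: audit a phpMyAdmin tree for the backdoor file named in the post.
# Usage: sh scan_pma.sh /var/www/phpmyadmin   (hypothetical install path)
#
# Assumption: "executes PHP code sent by POST" appears in source as eval()
# applied to $_POST. This is a heuristic, not the backdoor's known signature.
EVAL_POST_RE='eval[[:space:]]*\(.*\$_POST'

# scan_pma DIR
# Prints one finding per line as "<reason><TAB><path>".
# Returns 0 when nothing is found, 1 when there are findings, 2 on a bad argument.
scan_pma() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    findings=$(
        # 1. The file name the post says to look for, at any depth.
        find "$dir" -type f -name 'server_sync.php' |
        while IFS= read -r f; do
            printf 'named-file\t%s\n' "$f"
        done
        # 2. Any PHP file that evaluates POSTed data (catches a renamed copy).
        find "$dir" -type f -name '*.php' \
            -exec grep -lE "$EVAL_POST_RE" {} + 2>/dev/null |
        while IFS= read -r f; do
            printf 'eval-of-post\t%s\n' "$f"
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run the scan when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    scan_pma "$1"
fi
```

A finding is a prompt to inspect the file and compare the installation against a release obtained from a trusted source, since the eval() match alone can also hit legitimate code.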


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework