
Ars Technica:
Questions abound as malicious phpMyAdmin backdoor found on SourceForge site
September 26, 2012 @ 09:45:59

As Ars Technica reports, there was a recent exploit found on the SourceForge website's installation of phpMyAdmin that allowed an attacker to POST arbitrary code to the site and have it executed.

Developers of phpMyAdmin warned users they may be running a malicious version of the open-source software package after discovering backdoor code was snuck into a package being distributed over the widely used SourceForge repository. The backdoor contains code that allows remote attackers to take control of the underlying server running the modified phpMyAdmin, which is a Web-based tool for managing MySQL databases. The PHP script is found in a file named server_sync.php, and it reads PHP code embedded in standard POST Web requests and then executes it. T

The backdoor was somehow slipped into the phpMyAdmin code on one of the mirrors and distributed to those downloading version 3.5.2.2. The only downloads thought to be tainted with this issue were those on the "cdnetworks" mirror site. You can find out more about the issue in this advisory. Be sure to check your installation for a "server_sync.php" file and remove it if it exists.


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework