Ars Technica:
Questions abound as malicious phpMyAdmin backdoor found on SourceForge site
September 26, 2012 @ 09:45:59

As Ars Technica reports, a backdoor was recently found in a phpMyAdmin package distributed via SourceForge that allowed an attacker to POST anything to the site to be executed.

Developers of phpMyAdmin warned users they may be running a malicious version of the open-source software package after discovering backdoor code was snuck into a package being distributed over the widely used SourceForge repository. The backdoor contains code that allows remote attackers to take control of the underlying server running the modified phpMyAdmin, which is a Web-based tool for managing MySQL databases. The PHP script is found in a file named server_sync.php, and it reads PHP code embedded in standard POST Web requests and then executes it. T

The backdoor was somehow inserted into the phpMyAdmin code on one of the mirrors and distributed to those downloading version 3.5.2.2. The developers think that the only tainted downloads came from the "cdnetworks" mirror site. You can find out more about the issue in this advisory. Be sure to check your installation for a "server_sync.php" file and remove it if it exists.
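
The check recommended above, as an added example (not code from the phpMyAdmin advisory or from Ars Technica): it walks an install directory, flags any file named server_sync.php, and also flags PHP files that pass request data straight to a code-execution call, in case the file was renamed. The content pattern, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

BACKDOOR_NAME = "server_sync.php"  # file name given in the article above

# Assumption: the article says only that the script executes PHP code taken
# from POST requests; matching eval()/assert() on request data is a heuristic.
EXEC_OF_REQUEST = re.compile(
    rb"\b(eval|assert)\s*\([^;]*\$_(POST|REQUEST)\b", re.IGNORECASE)


def scan_install(root):
    """Return sorted (relative_path, reason) findings for one install tree."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name.lower() == BACKDOOR_NAME:
                findings.append((rel, "name listed in advisory"))
            if not name.lower().endswith((".php", ".inc")):
                continue
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                findings.append((rel, "unreadable, inspect manually"))
                continue
            if EXEC_OF_REQUEST.search(data):
                findings.append((rel, "executes request data"))
    return sorted(findings)


def build_sample_tree(root):
    """Write a constructed (not real) install: clean files plus planted ones."""
    samples = {
        "index.php": b"<?php echo 'phpMyAdmin'; ?>",
        "server_sync.php": b"<?php eval($_POST['c']); ?>",
        "libraries/cache.php": b"<?php @EVAL (\n  $_REQUEST['x']); ?>",
        "libraries/util.php": b"<?php $n = (int) $_POST['n']; echo $n; ?>",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in scan_install(tmp):
            print(f"{rel}: {reason}")
```

A clean result from this scan does not prove the install is untouched; comparing the downloaded archive against the checksums published by the project remains the stronger check.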


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework