[Phpmyadmin-devel] MAJOR security hole
Delislma at CollegeSherbrooke.qc.ca
Mon Aug 12 05:13:03 CEST 2002
Robin Johnson wrote:
> Hi Guys,
> I've just had a major security hole reported to me by
> Colin Keigher (AnimeFreak) <animefreak at users.sourceforge.net>
> It relates to how some sites have PMA set up (they have username
> and password hardcoded, without any .htaccess protection).
> Basically, by searching on Google for "Welcome to phpMyAdmin" or it's
> translated equivilents, you can find a lot of PMA installations. You can
> put the version number in there as well, like "Welcome to phpMyAdmin
> Here is a sample URL to search:
> With using some of these URL's you can do stuff like:
Can a developer reproduce this problem? I tried and could not.
I even put my PHP in non-safe mode.
More information about the Developers