[Phpmyadmin-devel] Re: MAJOR security hole

Loïc loic-div at ifrance.com
Mon Aug 12 05:34:02 CEST 2002


Hi List!

> I've just had a major security hole reported to me by
> Colin Keigher (AnimeFreak) <animefreak at users.sourceforge.net>
> It relates to how some sites have PMA set up (they have username
> and password hardcoded, without any .htaccess protection).

Well, it's not really a phpMyAdmin security hole. It's
up to the user to take care of such a problem.
Maybe we can add some words about the way to build an
".htaccess" file in the documentation.

> Using some of these URLs you can do stuff like:
>
> http://www1.tsimtung.com/phpMyAdmin/sql.php?goto=/etc/passwd&btnDrop=No

As far as I remember, this issue was fixed a long
time ago. A report about this problem was written by
SecureReality and we fixed it just after the 2.1.0
release.

Loïc
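
An added example, not part of the original message or of phpMyAdmin's code: a log check an administrator could run to see whether the request shape quoted above (a `goto` parameter naming a file outside the script directory) has been sent to their own installation. It assumes Apache common log format and that legitimate `goto` values are bare `.php` script names; the log lines and client addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache common log format (client IPs are placeholders).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Aug/2002:05:01:11 +0200] "GET /phpMyAdmin/sql.php?goto=/etc/passwd&btnDrop=No HTTP/1.0" 200 1432
192.0.2.11 - - [12/Aug/2002:05:02:40 +0200] "GET /phpMyAdmin/sql.php?goto=tbl_properties.php&db=test HTTP/1.0" 200 5120
192.0.2.12 - - [12/Aug/2002:05:03:02 +0200] "GET /phpMyAdmin/sql.php?goto=..%2F..%2Fetc%2Fpasswd&btnDrop=No HTTP/1.0" 200 1432
192.0.2.13 - - [12/Aug/2002:05:04:19 +0200] "GET /phpMyAdmin/index.php HTTP/1.0" 401 401
"""

# client, request target and status from one common-log-format line
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) '
)

# Assumption: a legitimate goto is a script in the same directory, optionally
# followed by its own query string. Anything else is reported.
ALLOWED_GOTO = re.compile(r"[A-Za-z0-9_]+\.php(\?.*)?")


def suspicious_goto(value):
    """True when a decoded goto value is not a bare local .php script name."""
    return ALLOWED_GOTO.fullmatch(value) is None


def find_goto_abuse(log_text):
    """Return (client, status, goto) for each request with a suspicious goto."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        # parse_qs percent-decodes once, so ..%2F becomes ../ before the check
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in query.get("goto", []):
            if suspicious_goto(value):
                hits.append((client, status, value))
    return hits


if __name__ == "__main__":
    for client, status, value in find_goto_abuse(SAMPLE_LOG):
        print(f"{client} status={status} goto={value!r}")
```

A 200 status on a flagged line only shows that the server answered; whether the file was actually disclosed depends on the installed version.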

