[Phpmyadmin-devel] Re: MAJOR security hole
Loïc
loic-div at ifrance.com
Mon Aug 12 05:34:02 CEST 2002
Hi List!
> I've just had a major security hole reported to me by
> Colin Keigher (AnimeFreak) <animefreak at users.sourceforge.net>
> It relates to how some sites have PMA set up (they have username
> and password hardcoded, without any .htaccess protection).
Well, it's not really a phpMyAdmin security hole. It's
up to the user to take care of such a problem.
Maybe we can add some words about the way to build an
".htaccess" file in the documentation.
> With using some of these URL's you can do stuff like:
>
> http://www1.tsimtung.com/phpMyAdmin/sql.php?goto=/etc/passwd&btnDrop=No
As far as I remember, this issue was fixed a long
time ago. A report about this problem was written by
SecureReality and we fixed it just after the 2.1.0
release.
Loïc