[Phpmyadmin-devel] Re: MAJOR security hole
Delislma at CollegeSherbrooke.qc.ca
Mon Aug 12 07:23:02 CEST 2002
> ----- Original Message -----
> From: "Robin Johnson" <robbat2 at fermi.orbis-terrarum.net>
>>I've just had a major security hole reported to me by
>>Colin Keigher (AnimeFreak) <animefreak at users.sourceforge.net>
>>It relates to how some sites have PMA set up (they have username
>>and password hardcoded, without any .htaccess protection).
> Arg...! No comment :o)
>>Basically, by searching on Google for "Welcome to phpMyAdmin" or it's
>>translated equivilents, you can find a lot of PMA installations. You can
>>put the version number in there as well, like "Welcome to phpMyAdmin
>>Here is a sample URL to search:
>>With using some of these URL's you can do stuff like:
> I've just merged a fix against that, but it needs some testing since I do
> not have a machine here which is affected by this securety hole.
you won't like me, but I think we should wait to include a fix for a
"hole" until a developer can reproduce it.
More information about the Developers