phpMyAdmin needs 'another patch' it seems...
| Author | Content |
|---|---|
| henke54 Oct 12, 2011 3:50 AM EDT | Quoting: White explained that it appears the database was accessed by either cracking into or through a vulnerability in phpMyAdmin. http://ostatic.com/blog/another-linux-project-hacked |
| fewt Oct 12, 2011 6:45 AM EDT | All I have to say is - learn 2 security. The lessons that these sites are learning should be learned by all. When I wrote articles discussing the subject they were dismissed as unnecessary - yeah, really unnecessary, right? If you are hosting and you expose phpMyAdmin (or any other service like it) directly on the internet - you should be fired. |
| phsolide Oct 12, 2011 11:12 AM EDT | That reminds me: my servers get 2 or 3 batches of requests every day, asking for 20 or 30 variants on phpMyAdmin.php or setup.php. Since I'm not running phpMyAdmin, I see this as an opportunity to muck with whoever runs "ZmEu", the user agent of the tool trying all these requests. What kind of offensive capabilities can a PHP file implement? I can probably "tarpit" ZmEu by rationing the output over a span of several tens of seconds, but there has to be more. When I google for phrases like "offensive PHP" or the like, I just get a bunch of rants about how terrible PHP code looks. What's the magic word to get Google to give me PHP's offensive capabilities? |
| jdixon Oct 12, 2011 12:18 PM EDT | > What's the magic word to get Google to give me PHP's offensive capabilities? PHP tarpit seems to get at least one useful hit. |
| techiem2 Oct 12, 2011 12:45 PM EDT | Well... if bandwidth isn't an issue... you could fill the file with huge amounts of nothing to generate a very large file to be retrieved.... |
| gus3 Oct 12, 2011 1:43 PM EDT | Like ten megs of /dev/urandom. |
| jimbauwens Oct 12, 2011 3:54 PM EDT | I just put "You Failed :)" in an empty html page. The real phpmyadmin is only accessible internally. |
| phsolide Oct 12, 2011 4:01 PM EDT | I thought about having a file "phpMyAdmin.php" that just gives back a lot of random bytes. I thought of a tarpitting file, that gives back the real "phpMyAdmin.php" (which I don't have installed) one byte every 5 or so seconds. I thought of giving back HTML that's significantly deformed, trying to break the "ZmEu" HTML parser, if it has one. I thought about giving back HTTP headers with thousands of cookies, or an odd character set, or doing malformed "chunked" responses. I thought about having it do 302 redirects to randomly named PHP files, and using mod_rewrite to map all those URLs back to the 302-redirecting file. I just want someone else to have done all the hard stuff for me. |
| jimbauwens Oct 12, 2011 4:43 PM EDT | http://www.theta.tk/wiki/ZmEu/public_source contains the code to the tool. Maybe we can find an exploit to that tool, and make it do fun stuff to the server hosting it (like reboot it). |
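The probe batches phsolide describes (20 or 30 variants on phpMyAdmin.php and setup.php, user agent "ZmEu") are easy to spot in an access log before deciding on any tarpit. The following is an added example, not code from any poster in this thread: it parses Apache combined-format log lines and flags client IPs that repeatedly request phpMyAdmin-style paths or identify as ZmEu. The log lines, the path patterns and the three-request threshold are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache "combined" format; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2011:03:41:02 -0400] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 213 "-" "ZmEu"
203.0.113.7 - - [12/Oct/2011:03:41:02 -0400] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 213 "-" "ZmEu"
203.0.113.7 - - [12/Oct/2011:03:41:03 -0400] "GET /pma/scripts/setup.php HTTP/1.1" 404 213 "-" "ZmEu"
203.0.113.7 - - [12/Oct/2011:03:41:03 -0400] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 213 "-" "ZmEu"
198.51.100.23 - - [12/Oct/2011:09:15:44 -0400] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Oct/2011:11:02:10 -0400] "GET /phpMyAdmin.php HTTP/1.0" 404 213 "-" "Mozilla/4.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# Path fragments the thread says the scanner tries (phpMyAdmin.php, setup.php) plus the
# usual directory aliases; case-insensitive because the probes vary the case.
PROBE_PATH_RE = re.compile(r'phpmyadmin|/pma/|myadmin|setup\.php', re.IGNORECASE)
SCANNER_UAS = ("ZmEu",)  # user agent named in the thread

def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def probe_reasons(rec):
    """List why a parsed request looks like a phpMyAdmin probe (empty if it does not)."""
    reasons = []
    if PROBE_PATH_RE.search(rec["path"]):
        reasons.append("admin-path")
    if any(ua in rec["ua"] for ua in SCANNER_UAS):
        reasons.append("scanner-ua")
    return reasons

def scan_log(text, threshold=3):
    """Aggregate probe indicators per client IP; 'flagged' means >= threshold probe requests."""
    per_ip = defaultdict(lambda: {"probes": 0, "scanner_ua": 0, "paths": []})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than guess
        reasons = probe_reasons(rec)
        if not reasons:
            continue  # ordinary traffic is not reported
        entry = per_ip[rec["ip"]]
        entry["probes"] += 1
        entry["scanner_ua"] += int("scanner-ua" in reasons)
        entry["paths"].append(rec["path"])
    for entry in per_ip.values():
        entry["flagged"] = entry["probes"] >= threshold
    return dict(per_ip)
```

Running `scan_log(SAMPLE_LOG)` reports 203.0.113.7 as flagged (four probes, all with the ZmEu agent) and 192.0.2.9 as a single unflagged hit, which is the kind of per-client summary worth feeding into a block list or alert.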