The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

phpMyadmin exploit?

Discussion in 'Database Discussions' started by DSLWeb, Jun 21, 2004.

  1. DSLWeb

    DSLWeb Member

    Joined:
    Apr 6, 2004
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Greetings,

    I have had a few sites with PHP script based sites a programmer has just made a program that uses an exploit to login to phpMyadmin and change the "God" user. Has anyone heard of this exploit yet?

    I am running the latest version of cPanel /WHM

    Module Latest Version Installed Version Status
    Apache Core 1.3.31 1.3.31
    Passthrough Authentication 1.8 1.8
    Bytes Logger 1.2 1.2
    Bandwidth Limiter 1.4 1.4
    PHP 4.3.7 4.3.4
    FrontPage 5.0.2.2634a 5.0.2.2634a
    mod_ssl 2.8.18 2.8.18
    OpenSSL 0.9.7a


    Thats what I am running anyone have any ideas or how to secure it?

    Regards,
    Lee
     
  2. mooseontheloose

    Joined:
    Jul 25, 2003
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    /usr/local/cpanel/base/3rdparty/phpMyAdmin

    check for yourself there
     
  3. noorolhoda

    noorolhoda Active Member

    Joined:
    Jul 19, 2004
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    hello
    Thats Right
    I have the same problem.5th of the sites had been hacked in a day.
    all of had been used latest version of nuke or phpbb or other portals.
    the hacker obtained the admin passwords.
    cpanels phpmyadmin version is 2.5.6 but the new version is 2.5.7 pl1 !!!!
    I upgrade it manualy :rolleyes:
     
  4. AP

    AP Well-Known Member

    Joined:
    Nov 5, 2002
    Messages:
    85
    Likes Received:
    0
    Trophy Points:
    6
    the problem from the scripts itself (nuke,phpbb) NOT phpMyadmin
     
  5. Sinewy

    Sinewy Well-Known Member

    Joined:
    May 15, 2004
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Sydney, Australia
    cPanel Access Level:
    DataCenter Provider
    be sure to use the same config.inc.php file that was there previously or it may stuff up when you try going in with cpanel.

    cpanel tends to update their phpmyadmin once in like every few versions.
     
Loading...

Share This Page