A serious vulnerability on phpMyAdmin allows an attacker to destroy the database
A serious security vulnerability in phpMyAdmin, one of the most popular MySQL database management tools, can be used to damage a database (DB) when an administrator is tricked into clicking on a link.
Discovered by security researcher Ashutosh Barot, the vulnerability is a CSRF (Cross-Site Request Forgery) flaw: it abuses the authenticated session of a logged-in user. phpMyAdmin 4.7.x versions before 4.7.7 are affected.
CSRF, also known as XSRF, is a technique in which an attacker tricks a user into performing unwanted actions, 'by tricking the user into clicking a malicious URL, which will harm the DB, for example by deleting records and deleting data in a table.'
phpMyAdmin is an open-source MySQL and MariaDB administration tool, widely used to administer the databases of websites built with WordPress, Joomla and many other CMS platforms.
Many hosting providers also offer phpMyAdmin to make it easier for customers to manage their databases.
After finding the vulnerability, Barot published a video showing how an attacker can make an administrator delete an entire table (a DROP command) without realizing it, simply by getting them to click on a link.
'One feature of phpMyAdmin is that it uses a GET request, then a POST request, to perform tasks like DROP TABLE table_name. GET is protected from CSRF attacks, but in this case POST is used and sent via the URL (probably for bookmarking),' Barot explained.
However, this attack is not easy to carry out. To prepare the URL for the CSRF attack, the attacker must know the name of the database and of the table he wants to delete.
'If the user executes a query on the DB by clicking the DROP or INSERT button, the URL will contain the DB and table name. This vulnerability also reveals sensitive information, because URLs are stored in many places such as browser history, SIEM history, firewall and ISP logs,' Barot explained.
Barot reported the vulnerability to phpMyAdmin, and it was later patched in version 4.7.7.
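As an added illustration (not phpMyAdmin's own code), the request-handling rule that Barot's explanation implies: a state-changing statement is only accepted from a POST body carrying a valid per-session CSRF token, and is never read from the URL, which also keeps it out of browser history and proxy or SIEM logs. The handler name `handle_request`, the session store `SESSION` and the parameter names `sql_query`/`token` are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for a server-side session store; in a real application the
# token would be generated at login and kept in the session, not in a module global.
SESSION = {"csrf_token": secrets.token_hex(16)}

# Statement prefixes that modify data or schema and therefore need CSRF protection.
STATE_CHANGING = ("DROP ", "DELETE ", "TRUNCATE ", "ALTER ", "INSERT ", "UPDATE ")


def is_state_changing(sql: str) -> bool:
    """True if the statement would modify the database rather than just read it."""
    return sql.strip().upper().startswith(STATE_CHANGING)


def handle_request(method: str, url: str, body: str) -> tuple[int, str]:
    """Hardened handler. Returns an (http_status, message) pair.

    method: HTTP method; url: full request URL; body: URL-encoded form body.
    """
    query = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    form = {k: v[0] for k, v in parse_qs(body).items()}

    # Never take the SQL statement from the URL: a link can be pre-built by a third
    # party, and the statement would also be recorded wherever URLs are logged.
    if "sql_query" in query:
        return 400, "sql_query is not accepted in the URL"

    sql = form.get("sql_query", "")
    if not is_state_changing(sql):
        return 200, "read-only query accepted"

    # Modifying statements must come via POST and carry the session's CSRF token.
    if method != "POST":
        return 405, "state-changing query requires POST"
    token = form.get("token", "")
    # Constant-time comparison so token checking does not leak timing information.
    if not hmac.compare_digest(token, SESSION["csrf_token"]):
        return 403, "missing or invalid CSRF token"
    return 200, "state-changing query accepted"
```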