A Bug in phpMyAdmin lets Hackers Delete Database Tables and Records

phpMyAdmin, one of the most common and in-demand applications for MySQL database management, was found to contain a critical security flaw.

phpMyAdmin

phpMyAdmin is a free, open-source administration tool for MariaDB and MySQL. It is widely used to manage the databases of websites built with Joomla, WordPress and other content management platforms.

phpMyAdmin is also used by many web hosts that provide convenient database organizing services to their customers.

Ashutosh Barot, an Indian researcher, discovered the flaw in phpMyAdmin, which could have allowed cyber criminals to execute dangerous and harmful database operations by tricking operators into opening a malicious link.

The vulnerability, according to Ashutosh, is a Cross-Site Request Forgery, also known as CSRF. It is also found in the Top Ten list by the Open Web Application Security Project (OWASP).

According to OWASP, a CSRF attack forces a logged-on victim's browser to send a forged HTTP request, together with the victim's session cookies and other authentication information, to a vulnerable web application. This allows hackers to force the browser to generate requests that the application perceives as authorized requests from the victim.

In simple terms, CSRF is an attack in which the hacker tricks a legitimate user into performing unwanted actions.
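The server-side check that defeats the forged request described above, as an added example (it is not phpMyAdmin's code and not part of the original article). The endpoint, session store and field names are hypothetical.

```python
import hmac
import secrets

SESSIONS = {}  # session id -> session data; stands in for server-side session storage

def login(user):
    """Create a session with its own unpredictable anti-CSRF token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid

def render_form_token(sid):
    """Token the server embeds in its own forms; a page on another site cannot read it."""
    return SESSIONS[sid]["csrf"]

def handle_drop_table(method, cookies, form):
    """Hypothetical destructive endpoint. Returns (status, message)."""
    session = SESSIONS.get(cookies.get("sid", ""))
    if session is None:
        return 401, "not logged in"
    # State-changing operations must not be reachable through GET.
    if method != "POST":
        return 405, "destructive actions require POST"
    # The cookie alone proves nothing: the browser attaches it to every
    # request for this site, including ones triggered from another site.
    sent = form.get("token", "")
    if not hmac.compare_digest(sent.encode(), session["csrf"].encode()):
        return 403, "missing or invalid CSRF token"
    return 200, f"table {form.get('table')!r} dropped for {session['user']}"

def demo():
    sid = login("admin")
    cookies = {"sid": sid}  # constructed: what the logged-on browser sends automatically
    return {
        # Cross-site requests carry the cookie but cannot include the token.
        "forged_get": handle_drop_table("GET", cookies, {"table": "users"}),
        "forged_post": handle_drop_table("POST", cookies, {"table": "users"}),
        # A request built from the application's own form carries the token.
        "legit_post": handle_drop_table(
            "POST", cookies, {"table": "users", "token": render_form_token(sid)}),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Both forged requests arrive with a valid session cookie and are still rejected, because authorization depends on a value that only pages served by the application itself can supply.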

Check out this link to know more about how it works:

After the vulnerability was reported to the phpMyAdmin developers, they released an update, version 4.7.7, to counter this issue.

 


Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
