|
|
| Register now to interact with over 11,000 members! Registered users have Posting Privileges, free access to Private Messaging, Email Notifications and more. |
|
|||||||
 |
|
|
Thread Tools |
6-11-12, 11:06 PM
|
#1 |
Join Date: Jun 2005
Location: Pennsylvania
Posts: 102
Reputation: 14
|
phpMyAdmin PHP Code Injection Exploit
While reviewing my 404 error logs I noticed a rash of referrers looking for phpMyAdmin files, curious I did some research and discovered this is an attempt at a code injection exploit.
I looked at my phpMyAdmin version and it is only 2.8.0.1, the current version is 3.5.1. I am guessing that I have no control as to what version of phpMyAdmin is running on Powweb? If I do, how do I update the version? Is my site vulnerable to this exploit?
__________________
....Thou I walk through the valley of the shadow of death, I will fear no evil... |
|
|
|
6-13-12, 03:19 PM
|
#2 |
|
PowWeb Staff
Join Date: Sep 2011
Location: Phoenix, AZ
Posts: 93
Reputation: 76
|
You don't have any control over phpMyAdmin. However, the exploit in question won't work, because our database servers are separate and independent of the web server (not the case on, for example, cPanel-based systems, where the same server runs everything). So there's no access to phpMyAdmin through the web server, only through your control panel, which connects over to the database server.
|
|
|
|
|
| Thread Tools | |
|
|
