[TriLUG] Security holes. Revealed by searching yahoo and google

Mike Fieschko mike.fieschko at devmike.com
Thu Jan 13 15:31:50 EST 2005


Misconfigured MySQL servers accessible through phpmyadmin:

http://www.threadwatch.org/node/1082

[begin quoting]

Hot on the heels of the recent Google unsecured Webcams search news
comes in via rumours at threadwatch.org of an even more serious security
breach made available by search engine queries.

The latest discovery is that you can search for export processes
language changelog phpmyadmin at Yahoo and return a list of open,
vulnerable MySQL database servers.

In the wrong hands, and with a little advanced search knowledge that
query can be tweaked to find ecom sites and all manner of havoc wreaked.

Yahoo! have been alerted, but at the moment the vulnerability is still
easily found. This is not Yahoo's fault of course, this is a problem
with the hugely popular Open Source MySQL database and the way in which
it has been deployed on some websites. The search just highlights those
servers able to be manipulated.

You can do the same search on Google, but it's less accessible as you
have to add filter=0 to the end of the url string.

ADDED: Testing 1,2,3....

I've just tested this on a staged install by a friend and can assert
that it works well. I was able to delete tables and access data very
simply.

By Nick W at Jan 13 2005 - 12:12

[end quoting]

Mike Fieschko
Raleigh, NC
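As an added defender-side illustration (not part of the original post or of the quoted article), the script below scans constructed Apache access-log lines for search-engine crawlers that fetched a phpMyAdmin path and received a successful response, which is how an unprotected console ends up listed in Yahoo or Google in the first place. The crawler names, paths and log lines are assumed sample values; a 401/403 on the same path is the outcome an administrator wants to see.

```python
import re
from typing import Dict, List, Optional

# Constructed sample lines in Apache "combined" log format (not from any real server).
SAMPLE_LOG = """\
66.249.66.1 - - [13/Jan/2005:10:02:11 -0500] "GET /phpmyadmin/ HTTP/1.1" 200 8123 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
66.196.90.5 - - [13/Jan/2005:10:05:40 -0500] "GET /phpMyAdmin/ChangeLog HTTP/1.0" 200 15322 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)"
192.0.2.7 - - [13/Jan/2005:10:06:01 -0500] "GET /phpmyadmin/ HTTP/1.1" 401 512 "-" "Mozilla/4.0"
66.249.66.1 - - [13/Jan/2005:10:07:30 -0500] "GET /index.html HTTP/1.1" 200 2048 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
"""

# Fields of the combined log format: client, identd, user, timestamp, request, status, size, referer, user-agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Assumed crawler user-agent fragments; extend for whatever engines crawl your site.
CRAWLER_RE = re.compile(r"googlebot|yahoo! slurp|msnbot", re.IGNORECASE)
# Assumed install path prefix; phpMyAdmin is often deployed under a mixed-case directory.
ADMIN_PATH_RE = re.compile(r"^/phpmyadmin", re.IGNORECASE)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one combined-format line into its fields, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_indexed_admin_hits(log_text: str) -> List[Dict[str, str]]:
    """Return entries where a known crawler fetched a phpMyAdmin path and got a 2xx.

    Such a hit means the console (or its bundled docs such as ChangeLog) was served
    without any authentication challenge and will shortly appear in search results.
    """
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if (ADMIN_PATH_RE.match(entry["path"])
                and CRAWLER_RE.search(entry["ua"])
                and entry["status"].startswith("2")):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in find_indexed_admin_hits(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} fetched {hit["path"]} -> {hit["status"]} ({hit["ua"]})')
```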
