• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.
  • Upgrade Your Account
    Hello Guest! Upgrade your account to download all VIP Resource here

Lỗ hổng bảo mật CSRF quan trọng được báo cáo trong phpMyAdmin

Một lỗ hổng CSRF quan trọng được báo cáo trong phpMyAdmin cho phép kẻ tấn công thực hiện các hành động có hại lên cơ sở dữ liệu của bạn (như xóa dữ liệu, bảng,...)

Lỗ hổng đã được báo cáo tới các nhà phát triển của phpMyAdmin. Hiện bản cập nhật 4.7.7 đã phát hành để khắc phục lỗ hổng này. Vậy nên khuyến cáo các quản trị viên nên cập nhật càng sớm càng tốt.

1515047630914.png

Nguyên văn từ The Hackers News
A critical security vulnerability has been reported in phpMyAdmin—one of the most popular applications for managing the MySQL database—which could allow remote attackers to perform dangerous database operations just by tricking administrators into clicking a link.

Discovered by an Indian security researcher, Ashutosh Barot, the vulnerability is a cross-site request forgery (CSRF) attack and affects phpMyAdmin versions 4.7.x (prior to 4.7.7).

Cross-site request forgery vulnerability, also known as XSRF, is an attack wherein an attacker tricks an authenticated user into executing an unwanted action.

According to an advisory released by phpMyAdmin, "by deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables, etc."

phpMyAdmin is a free and open source administration tool for MySQL and MariaDB and is widely used to manage the database for websites created with WordPress, Joomla, and many other content management platforms.

Moreover, a lot of hosting providers use phpMyAdmin to offer their customers a convenient way to organize their databases.


Barot has also released a video, as shown above, demonstrating how a remote attacker can make database admins unknowingly delete (DROP) an entire table from the database just by tricking them into clicking a specially crafted link.

"A feature of phpMyAdmin was using a GET request and after that POST request for Database operations such as DROP TABLE table_name; GET requests must be protected against CSRF attacks. In this case, POST requests were used which were sent through URL (for bookmarking purpose may be); it was possible for an attacker to trick a database admin into clicking a button and perform a drop table database query of the attacker’s choice." Barot explains in a blog post.

However, performing this attack is not simple as it may sound. To prepare a CSRF attack URL, the attacker should be aware of the name of targeted database and table.

"If a user executes a query on the database by clicking insert, DROP, etc. buttons, the URL will contain database name and table name," Barot says. "This vulnerability can result in the disclosure of sensitive information as the URL is stored at various places such as browser history, SIEM logs, Firewall Logs, ISP Logs, etc."

Barot reported the vulnerability to phpMyAdmin developers, who confirmed his finding and released phpMyAdmin 4.7.7 to address this issue. So administrators are highly recommended to update their installations as soon as possible.
 

Facebook Comment


Users who viewed this discussion (Total: 0)


New posts New resources Most viewed threads Threads with more replies