Thursday, January 27, 2022

SourceForge Distributes Backdoored phpMyAdmin

One server in the SourceForge mirror system was distributing a phpMyAdmin kit containing a backdoor. The backdoor is located in the file server_sync.php and allows an attacker to remotely execute PHP code. Another file, js/cross_framing_protection.js, has also been modified.

Getting access to a database administration tool this way is an immense win for a hacker. If the doctored version gets installed, the attacker ends up inside the network by invitation, via the official administration console, and normally with more power than the genuine administrators.

The fact that only one mirror was contaminated limited the total impact: only 400 users downloaded the tampered release.

But 400 potentially-pwned networks of possibly-juicy databases is a much more troubling prospect than 400 PCs infected with zombie malware.
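A check for the situation described above, added here as an example and not taken from phpMyAdmin or SourceForge: it compares an unpacked download against a manifest of SHA-256 hashes built from a copy obtained independently of the mirror, and reports modified, unexpected and missing files. The function names are hypothetical and the sample tree is constructed with placeholder file bodies; it reuses the two file names from the report only as labels.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root: Path) -> dict:
    """Map each file path (relative to root, POSIX style) to its SHA-256."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def audit_tree(root: Path, trusted: dict) -> dict:
    """Compare an unpacked tree with a manifest taken from a trusted copy."""
    found = build_manifest(root)
    return {
        "modified": sorted(f for f in found if f in trusted and found[f] != trusted[f]),
        "unexpected": sorted(f for f in found if f not in trusted),
        "missing": sorted(f for f in trusted if f not in found),
    }


def write_tree(root: Path, files: dict) -> Path:
    """Helper for the constructed sample: write {relative path: bytes} under root."""
    for rel, body in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)
    return root


def demo() -> dict:
    # Constructed sample: placeholder bodies, not real phpMyAdmin code.
    clean = {"index.php": b"<?php // placeholder index\n",
             "server_sync.php": b"<?php // placeholder, trusted copy\n",
             "js/cross_framing_protection.js": b"// placeholder, trusted copy\n"}
    mirror = dict(clean)
    mirror["server_sync.php"] = b"<?php // placeholder, altered copy\n"
    mirror["js/cross_framing_protection.js"] = b"// placeholder, altered copy\n"
    with tempfile.TemporaryDirectory() as tmp:
        trusted = build_manifest(write_tree(Path(tmp) / "trusted", clean))
        return audit_tree(write_tree(Path(tmp) / "mirror", mirror), trusted)


if __name__ == "__main__":
    print(demo())
```

The manifest is only as trustworthy as its origin, so it has to come from a channel other than the mirror that served the download.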

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.
