lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 19 Nov 2012 12:06:15 -0500
From: "H. Kurth Bemis" <kurth@...thbemis.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: phpmyadmin compromised?

This.

As I recall this happened after changing the "Secret Key".  I've also
see this happen after a major upgrade, likely due to the same reason.

Best of luck,
~k

On Mon, 2012-11-19 at 17:51 +0100, Christian Sciberras wrote:
> That is not a compromise. It is related to a change in encoding.
> Please clear your cookies and try again.
> 
> (I've had this exact problem in the past, but I don't remember the details)
> 
> 
> Chris.
> 
> 
> On Mon, Nov 19, 2012 at 5:48 PM, Benji <me@...ji.com> wrote:
> 
> > .. could you have provided any less information? why dont you look through
> > your code instead of emailing a screenshot to a mailing list? really?
> >
> >
> > On Mon, Nov 19, 2012 at 4:47 PM, Benji <me@...ji.com> wrote:
> >
> >> .. coul
> >>
> >>
> >> On Mon, Nov 19, 2012 at 4:45 PM, Lucio Crusca <lucio@...web.org> wrote:
> >>
> >>> Hello *,
> >>>
> >>> I've setup my browser to remember login & password at my server
> >>> phpmyadmin
> >>> login page. It usually fills the two fields correctly, but today it
> >>> showed
> >>> this crap instead:
> >>>
> >>>
> >>> http://img208.imagevenue.com/img.php?image=38933_php_myadmin_compromised_122_430lo.jpg
> >>>
> >>> Since I've already suffered a security breach through phpmyadmin in the
> >>> past, I immediately suspected another one. Please note that phpmyadmin is
> >>> shielded by http digest authentication since the previous accident.
> >>>
> >>> Are you aware of any security problems related to phpmyadmin (or to
> >>> Iceweasel 10 for that matter) that can cause such garbage on the login
> >>> page?
> >>>
> >>> Thanks in advance
> >>> Lucio.
> >>>
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> Full-Disclosure - We believe in it.
> >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >>> Hosted and sponsored by Secunia - http://secunia.com/
> >>>
> >>
> >>
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> That is not a compromise. It is related to a change in encoding.
> Please clear your cookies and try again.
> 
> 
> (I've had this exact problem in the past, but I don't remember the
> details)
> 
> 
> 
> 
> Chris.
> 
> 
> On Mon, Nov 19, 2012 at 5:48 PM, Benji <me@...ji.com> wrote:
>         .. could you have provided any less information? why dont you
>         look through your code instead of emailing a screenshot to a
>         mailing list? really?
>         
>         
>         On Mon, Nov 19, 2012 at 4:47 PM, Benji <me@...ji.com> wrote:
>                 .. coul
>                 
>                 
>                 On Mon, Nov 19, 2012 at 4:45 PM, Lucio Crusca
>                 <lucio@...web.org> wrote:
>                         Hello *,
>                         
>                         I've setup my browser to remember login &
>                         password at my server phpmyadmin
>                         login page. It usually fills the two fields
>                         correctly, but today it showed
>                         this crap instead:
>                         
>                         http://img208.imagevenue.com/img.php?image=38933_php_myadmin_compromised_122_430lo.jpg
>                         
>                         Since I've already suffered a security breach
>                         through phpmyadmin in the
>                         past, I immediately suspected another one.
>                         Please note that phpmyadmin is
>                         shielded by http digest authentication since
>                         the previous accident.
>                         
>                         Are you aware of any security problems related
>                         to phpmyadmin (or to
>                         Iceweasel 10 for that matter) that can cause
>                         such garbage on the login page?
>                         
>                         Thanks in advance
>                         Lucio.
>                         
>                         
>                         
>                         
>                         _______________________________________________
>                         Full-Disclosure - We believe in it.
>                         Charter:
>                         http://lists.grok.org.uk/full-disclosure-charter.html
>                         Hosted and sponsored by Secunia -
>                         http://secunia.com/
>                 
>                 
>         
>         
>         
>         _______________________________________________
>         Full-Disclosure - We believe in it.
>         Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>         Hosted and sponsored by Secunia - http://secunia.com/
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ