Zero Day

Ryan Naraine and Dancho Danchev

Get Zero Day via:: Mobile; RSS; Email Alerts
Bios:: Ryan’s Bio; Dancho’s Bio

October 16th, 2009

phpMyAdmin Plugs SQL Injection, XSS Flaws

Posted by Ryan Naraine @ 8:47 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Malware, Open source, Passwords, Patch Watch, Pen testing, Responsible disclosure

Tags: Flaw, XSS, SQL, SQL Injection, phpMyAdmin, Programming Languages, Databases, Security, Open Source, Software Development

A new version of phpMyAdmin has been released to plug two serious security holes that could lead to SQL injection and cross-site scripting attacks.

According to an advisory from the maintainers of the open-source tool, one of the vulnerabilities allow remote hackers to inject arbitrary web script or HTML via a crafted MySQL table name.

The second issue is a SQL injection vulnerability that allows remote attackers to inject SQL via various interface parameters of the PDF schema generator feature.

phpMyAdmin is an open source tool written in PHP intended to handle the administration of MySQL over the Web.

The group urged all users to upgrade to phpMyAdmin 3.2.2.1 or 2.11.9.6 immediately.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.

Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?

Talkback
Most Recent of 4 Talkback(s)

Thread View
Flat View

Nothing to do with MS: Actually, such vulnerabilities are OS-independent. They have to do with security measures that either the web-scripter builds (or not) or the scripting language ability to handle them natevely.
You... (Read the rest); Posted by: bmateus@... Posted on: 10/20/09 You are currently: a Guest | Log in | Terms of Use

More secure than Windows solutions... Christian_<>< | 10/16/09

Nothing to do with MS bmateus@... | 10/20/09

RE: phpMyAdmin Plugs SQL Injection, XSS Flaws gowithwind888 | 10/17/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Dynamic Virtual Clients Intel Intel IT plans to put virtualization on their client PCs - Dynamic Virtual ... Download Now
Red Hat support, patches, updates with the interoperability of Novell Novell With one, unified management tool for both Linux and Windows, your mixed ... Download Now
Live Webcast: The Power of Centralization in Distributed Development CollabNet Distributed teams are common in software development today. However ... Download Now

Blogs From Our Sponsors

Top Rated

And the most popular password is...+34 votes
Microsoft readies emergency IE patch to counter public exploits+33 votes
Report: 48% of 22 million scanned computers infected with malware+32 votes
Microsoft confirms 17-year-old Windows vulnerability+31 votes
Microsoft says Google was hacked with IE zero-day+31 votes
MS Patch Tuesday heads-up: 13 bulletins, 26 vulnerabilities+26 votes
Bogus IQ test with destructive payload in the wild+22 votes
Mozilla Firefox hit by malware add-ons+21 votes

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

Enterprise social software IBM Corp. In June 2009, IBM sponsored an interactive webinar to explore the ... Download Now
Fundamentals of Volume Activation Microsoft Volume Activation is a set of activation methods applicable to systems ... Download Now
Software Trial: AdminStudio(r) Migrates MSIs to Windows(r) 7 and App-V(r) Fast Flexera Software AdminStudio? allows IT to quickly prepare reliable virtual and MSI ... Download Now

SmartPlanet

Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
More from IBM
How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
Linking Decisions and Information for Organizational Performance Read the Tom Davenport study

Zero Day

Ryan Naraine and Dancho Danchev

October 16th, 2009

phpMyAdmin Plugs SQL Injection, XSS Flaws

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Recent Entries

Blogs From Our Sponsors

Top Rated

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Archives

Favorite Links

41

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads

Zero Day

Ryan Naraine and Dancho Danchev

October 16th, 2009

phpMyAdmin Plugs SQL Injection, XSS Flaws

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Recent Entries

Blogs From Our Sponsors

Top Rated

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Keep up with ZDNet

Archives

Favorite Links

41

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads