[41736] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: phpMyAdmin server_privileges.php SQL Injection Vulnerabilities.

daemon@ATHENA.MIT.EDU (michal@cihar.com)
Mon Dec 19 17:49:55 2005

Date: 19 Dec 2005 08:50:18 -0000
Message-ID: <20051219085018.15679.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: michal@cihar.com
To: bugtraq@securityfocus.com

Hi

There is no vulnerability in this - user needs to be logged in. You can do same (without messing SQL injection) by directly passing SQL statements to import.php or sql.php. Yes phpMyAdmin allows to execute queries to authenticated users, but it's main task of this program and can not be considered as vulnerability.

Michal


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[41736] in bugtraq

Re: phpMyAdmin server_privileges.php SQL Injection Vulnerabilities.

daemon@ATHENA.MIT.EDU (michal@cihar.com)Mon Dec 19 17:49:55 2005

daemon@ATHENA.MIT.EDU (michal@cihar.com)
Mon Dec 19 17:49:55 2005