
A Bug in phpMyAdmin lets Hackers Delete Database Tables and Records

phpMyAdmin, one of the most common and in-demand applications for MySQL database management, was found to be vulnerable when a critical flaw was discovered in the application’s security.

phpMyAdmin

phpMyAdmin is a free, open-source administration tool for MariaDB and MySQL. It is widely used to manage the databases of websites built with Joomla, WordPress and other content management platforms.

phpMyAdmin is used by many web hosts who provide convenient database organizing services to their customers.

Ashutosh Barot, an Indian researcher, discovered the flaw in phpMyAdmin, which could have allowed cyber criminals to execute dangerous and harmful database operations by tricking operators into opening a malicious link.

The vulnerability, according to Ashutosh, is a Cross-Site Request Forgery, also known as CSRF. CSRF also appears in the Top Ten list published by the Open Web Application Security Project (OWASP).

According to OWASP, CSRF forces a logged-on victim’s browser to send a forged HTTP request, along with the victim’s session cookie and other authentication information, to a vulnerable web application. This allows hackers to make the browser generate requests that the application perceives as legitimate requests from the victim.

In simple terms, a CSRF is an attack where the hacker tricks a legitimate user into performing unwanted actions.
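The mechanism described above can be seen from the server's side in the following added example, which is not phpMyAdmin's code or its 4.7.7 fix. It is a generic synchronizer-token check in Python; the endpoint, the action names and the in-memory session store are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> CSRF token (hypothetical).
SESSIONS = {}
STATE_CHANGING = {"drop_table", "delete_rows"}  # hypothetical action names


def login():
    """Create a session and a per-session CSRF token, as a server would at login."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = secrets.token_hex(32)
    return sid, SESSIONS[sid]


def handle(method, cookies, params):
    """Return (status, message) for a request to a hypothetical admin endpoint."""
    sid = cookies.get("session")
    if sid not in SESSIONS:
        return 401, "not logged in"
    action = params.get("action", "")
    if action not in STATE_CHANGING:
        return 200, "read-only page"
    # Opening a link issues a GET, so state must never change on GET.
    if method != "POST":
        return 405, "state-changing action requires POST"
    # The browser attaches the session cookie automatically, but another site
    # cannot read the token, so a forged request cannot supply it.
    supplied = params.get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), SESSIONS[sid].encode()):
        return 403, "missing or invalid CSRF token"
    return 200, f"{action} executed"


def demo():
    """Run three constructed requests that all carry the victim's session cookie."""
    sid, token = login()
    cookies = {"session": sid}  # sent by the browser on every request to the site
    return {
        "forged_link": handle("GET", cookies, {"action": "drop_table"}),
        "forged_form": handle("POST", cookies, {"action": "drop_table"}),
        "legitimate": handle("POST", cookies, {"action": "drop_table", "csrf_token": token}),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Both forged requests carry a valid session cookie and are still rejected; only the request that includes the per-session token is executed.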

After the vulnerability was reported to the phpMyAdmin developers, an upgrade, version 4.7.7, was released to counter the issue.

About the author

Mazen Elzanaty
