Vulnerability in phpMyAdmin

Thread in "Server Administration", started by zerg, 5 Aug 2010.

Thread status:
Closed.
Moderators: mefish, stooper
  1. zerg

    zerg

    Joined:
    5 May 2006
    Posts:
    262
    Likes:
    343
  2. swer

    swer

    Joined:
    15 Jun 2008
    Posts:
    308
    Likes:
    38
    I don't care, I hid phpadmin a few directories deep; from the logs I can see that a lot of bots are trying to find it, but so far, knock on wood, they haven't found it...
     
  3. metallphilin

    metallphilin nulled veteran

    Joined:
    25 Aug 2006
    Posts:
    616
    Likes:
    165

    Which version are we talking about?

    Because it doesn't find a newer version in the repository:

     
  4. zerg

    zerg

    Joined:
    5 May 2006
    Posts:
    262
    Likes:
    343
    Is following the links too much to ask?
    I have phpmyadmin-2.11.10-2 installed.
    What is a repo? It's binaries built from source. You can build the package you need yourself if it's missing from the repos.
     
  5. rit

    rit

    Joined:
    5 Dec 2006
    Posts:
    571
    Likes:
    116
    This topic has already been discussed on Serch too; update your version and everything will be OK.
     
  6. metallphilin

    metallphilin nulled veteran

    Joined:
    25 Aug 2006
    Posts:
    616
    Likes:
    165
    Please post the link; not everyone is registered on Serch.

    phpMyAdmin - 2.11.10 is my version.
     
  7. ORZ

    ORZ

    Joined:
    13 Jun 2007
    Posts:
    255
    Likes:
    80
    Some crap is already scanning me :confused:

    Code:
    87.106.142.65 - - [04/Aug/2010:17:02:52 +0300] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 319 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:52 +0300] "GET /scripts/setup.php HTTP/1.1" 404 295 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:52 +0300] "GET /admin/scripts/setup.php HTTP/1.1" 404 301 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:53 +0300] "GET /admin/pma/scripts/setup.php HTTP/1.1" 404 305 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:53 +0300] "GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1" 404 312 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:53 +0300] "GET /db/scripts/setup.php HTTP/1.1" 404 298 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:53 +0300] "GET /dbadmin/scripts/setup.php HTTP/1.1" 404 303 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:53 +0300] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 303 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:54 +0300] "GET /mysql/scripts/setup.php HTTP/1.1" 404 301 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:54 +0300] "GET /mysqladmin/scripts/setup.php HTTP/1.1" 404 306 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:54 +0300] "GET /typo3/phpmyadmin/scripts/setup.php HTTP/1.1" 404 312 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:54 +0300] "GET /phpadmin/scripts/setup.php HTTP/1.1" 404 304 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:55 +0300] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 306 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:55 +0300] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 306 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:55 +0300] "GET /phpmyadmin1/scripts/setup.php HTTP/1.1" 404 307 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:55 +0300] "GET /phpmyadmin2/scripts/setup.php HTTP/1.1" 404 307 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:55 +0300] "GET /pma/scripts/setup.php HTTP/1.1" 404 299 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:56 +0300] "GET /web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 310 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:56 +0300] "GET /xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 312 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:56 +0300] "GET /web/scripts/setup.php HTTP/1.1" 404 299 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:56 +0300] "GET /php-my-admin/scripts/setup.php HTTP/1.1" 404 308 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:57 +0300] "GET /websql/scripts/setup.php HTTP/1.1" 404 302 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:57 +0300] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 306 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:57 +0300] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 306 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:57 +0300] "GET /phpMyAdmin-2/scripts/setup.php HTTP/1.1" 404 308 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:58 +0300] "GET /php-my-admin/scripts/setup.php HTTP/1.1" 404 308 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:58 +0300] "GET /phpMyAdmin-2.2.3/scripts/setup.php HTTP/1.1" 404 312 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:58 +0300] "GET /phpMyAdmin-2.2.6/scripts/setup.php HTTP/1.1" 404 312 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:58 +0300] "GET /phpMyAdmin-2.5.1/scripts/setup.php HTTP/1.1" 404 312 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:58 +0300] "GET /phpMyAdmin-2.5.4/scripts/setup.php HTTP/1.1" 404 312 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:59 +0300] "GET /phpMyAdmin-2.5.5-rc1/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:59 +0300] "GET /phpMyAdmin-2.5.5-rc2/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:59 +0300] "GET /phpMyAdmin-2.5.5/scripts/setup.php HTTP/1.1" 404 312 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:02:59 +0300] "GET /phpMyAdmin-2.5.5-pl1/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:00 +0300] "GET /phpMyAdmin-2.5.6-rc1/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:00 +0300] "GET /phpMyAdmin-2.5.6-rc2/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:00 +0300] "GET /phpMyAdmin-2.5.6/scripts/setup.php HTTP/1.1" 404 312 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:00 +0300] "GET /phpMyAdmin-2.5.7/scripts/setup.php HTTP/1.1" 404 312 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:01 +0300] "GET /phpMyAdmin-2.5.7-pl1/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:01 +0300] "GET /phpMyAdmin-2.6.0-alpha/scripts/setup.php HTTP/1.1" 404 318 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:01 +0300] "GET /phpMyAdmin-2.6.0-alpha2/scripts/setup.php HTTP/1.1" 404 319 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:01 +0300] "GET /phpMyAdmin-2.6.0-beta1/scripts/setup.php HTTP/1.1" 404 318 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:02 +0300] "GET /phpMyAdmin-2.6.0-beta2/scripts/setup.php HTTP/1.1" 404 318 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:02 +0300] "GET /phpMyAdmin-2.6.0-rc1/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:02 +0300] "GET /phpMyAdmin-2.6.0-rc2/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:03 +0300] "GET /phpMyAdmin-2.6.0-rc3/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:03 +0300] "GET /phpMyAdmin-2.6.0/scripts/setup.php HTTP/1.1" 404 312 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:03 +0300] "GET /phpMyAdmin-2.6.0-pl1/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:03 +0300] "GET /phpMyAdmin-2.6.0-pl2/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:03 +0300] "GET /phpMyAdmin-2.6.0-pl3/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:04 +0300] "GET /phpMyAdmin-2.6.1-rc1/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:04 +0300] "GET /phpMyAdmin-2.6.1-rc2/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:04 +0300] "GET /phpMyAdmin-2.6.1/scripts/setup.php HTTP/1.1" 404 312 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:04 +0300] "GET /phpMyAdmin-2.6.1-pl1/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:05 +0300] "GET /phpMyAdmin-2.6.1-pl2/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:05 +0300] "GET /phpMyAdmin-2.6.1-pl3/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:05 +0300] "GET /phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:05 +0300] "GET /phpMyAdmin-2.6.2-beta1/scripts/setup.php HTTP/1.1" 404 318 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:06 +0300] "GET /phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:06 +0300] "GET /phpMyAdmin-2.6.2/scripts/setup.php HTTP/1.1" 404 312 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:06 +0300] "GET /phpMyAdmin-2.6.2-pl1/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:06 +0300] "GET /phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 312 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:06 +0300] "GET /phpMyAdmin-2.6.3-rc1/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:07 +0300] "GET /phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 312 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:07 +0300] "GET /phpMyAdmin-2.6.3-pl1/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:07 +0300] "GET /phpMyAdmin-2.6.4-rc1/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:07 +0300] "GET /phpMyAdmin-2.6.4-pl1/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:08 +0300] "GET /phpMyAdmin-2.6.4-pl2/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:08 +0300] "GET /phpMyAdmin-2.6.4-pl3/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:08 +0300] "GET /phpMyAdmin-2.6.4-pl4/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:08 +0300] "GET /phpMyAdmin-2.6.4/scripts/setup.php HTTP/1.1" 404 312 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:09 +0300] "GET /phpMyAdmin-2.7.0-beta1/scripts/setup.php HTTP/1.1" 404 318 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:09 +0300] "GET /phpMyAdmin-2.7.0-rc1/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:09 +0300] "GET /phpMyAdmin-2.7.0-pl1/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:09 +0300] "GET /phpMyAdmin-2.7.0-pl2/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:09 +0300] "GET /phpMyAdmin-2.7.0/scripts/setup.php HTTP/1.1" 404 312 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:10 +0300] "GET /phpMyAdmin-2.8.0-beta1/scripts/setup.php HTTP/1.1" 404 318 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:10 +0300] "GET /phpMyAdmin-2.8.0-rc1/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:10 +0300] "GET /phpMyAdmin-2.8.0-rc2/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:10 +0300] "GET /phpMyAdmin-2.8.0/scripts/setup.php HTTP/1.1" 404 312 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:11 +0300] "GET /phpMyAdmin-2.8.0.1/scripts/setup.php HTTP/1.1" 404 314 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:11 +0300] "GET /phpMyAdmin-2.8.0.2/scripts/setup.php HTTP/1.1" 404 314 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:11 +0300] "GET /phpMyAdmin-2.8.0.3/scripts/setup.php HTTP/1.1" 404 314 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:12 +0300] "GET /phpMyAdmin-2.8.0.4/scripts/setup.php HTTP/1.1" 404 314 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:12 +0300] "GET /phpMyAdmin-2.8.1-rc1/scripts/setup.php HTTP/1.1" 404 316 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:12 +0300] "GET /phpMyAdmin-2.8.1/scripts/setup.php HTTP/1.1" 404 312 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:12 +0300] "GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1" 404 312 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:13 +0300] "GET /sqlmanager/scripts/setup.php HTTP/1.1" 404 306 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:13 +0300] "GET /mysqlmanager/scripts/setup.php HTTP/1.1" 404 308 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:13 +0300] "GET /p/m/a/scripts/setup.php HTTP/1.1" 404 301 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:13 +0300] "GET /PMA2005/scripts/setup.php HTTP/1.1" 404 303 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:13 +0300] "GET /pma2005/scripts/setup.php HTTP/1.1" 404 303 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:14 +0300] "GET /phpmanager/scripts/setup.php HTTP/1.1" 404 306 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:14 +0300] "GET /php-myadmin/scripts/setup.php HTTP/1.1" 404 307 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:14 +0300] "GET /phpmy-admin/scripts/setup.php HTTP/1.1" 404 307 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:14 +0300] "GET /webadmin/scripts/setup.php HTTP/1.1" 404 304 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:15 +0300] "GET /sqlweb/scripts/setup.php HTTP/1.1" 404 302 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:15 +0300] "GET /websql/scripts/setup.php HTTP/1.1" 404 302 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:15 +0300] "GET /webdb/scripts/setup.php HTTP/1.1" 404 301 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:15 +0300] "GET /mysqladmin/scripts/setup.php HTTP/1.1" 404 306 "-" "ZmEu"
    87.106.142.65 - - [04/Aug/2010:17:03:16 +0300] "GET /mysql-admin/scripts/setup.php HTTP/1.1" 404 307 "-" "ZmEu"
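
Added example (not part of the original thread or any poster's code): a Python detector for the kind of sweep shown in the log above, one client requesting many different `*/scripts/setup.php` paths within a short time. It also lists any probed path that did not return 404. The threshold, the time window, the function names and the sample addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache combined log format, the format of the excerpt above.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "[^"]*"'
)
PROBE_SUFFIX = "/scripts/setup.php"  # path probed in the excerpt above
MIN_DISTINCT_PATHS = 5               # assumed threshold, tune per site
WINDOW = timedelta(seconds=60)       # assumed window, tune per site


def find_setup_scanners(lines):
    """Map each sweeping client IP to its distinct-path count and non-404 hits."""
    probes = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not m["path"].lower().endswith(PROBE_SUFFIX):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        probes[m["ip"]].append((ts, m["path"], int(m["status"])))
    report = {}
    for ip, events in probes.items():
        events.sort()
        best = start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most WINDOW.
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            best = max(best, len({p for _, p, _ in events[start:end + 1]}))
        if best >= MIN_DISTINCT_PATHS:
            # A non-404 answer means the probed path exists: check that install first.
            hits = sorted({p for _, p, s in events if s != 404})
            report[ip] = {"paths": best, "hits": hits}
    return report


def sample_log():
    """Constructed input: 192.0.2.10 sweeps six paths, 198.51.100.7 is an ordinary visitor."""
    fmt = '{} - - [04/Aug/2010:17:02:{:02d} +0300] "GET {} HTTP/1.1" {} 306 "-" "{}"'
    dirs = ["", "/pma", "/phpmyadmin", "/phpMyAdmin", "/mysql", "/dbadmin"]
    rows = [fmt.format("192.0.2.10", 52 + i // 2, d + PROBE_SUFFIX,
                       200 if d == "/pma" else 404, "ZmEu") for i, d in enumerate(dirs)]
    rows.append(fmt.format("198.51.100.7", 55, "/index.html", 200, "Mozilla/5.0"))
    rows.append(fmt.format("198.51.100.7", 56, "/pma" + PROBE_SUFFIX, 200, "Mozilla/5.0"))
    return rows
```

Keying on the request pattern rather than on the `ZmEu` user agent keeps the check working when a scanner changes its User-Agent string.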
    
     
  8. metallphilin

    metallphilin nulled veteran

    Joined:
    25 Aug 2006
    Posts:
    616
    Likes:
    165

    http://rub.altai.su/forum/showthread.php?p=322266

    I don't have these files. The logs are clean too. On the phpMyAdmin site, the latest version is actually 3.3.5.

    So I need to look for an up-to-date CentOS repository.

    Added 21 minutes later
    http://www.phpmyadmin.net/home_page/security/PMASA-2010-3.php
    and
    http://www.securityfocus.com/bid/37861

    The gist is that all versions before 2.11.10 are vulnerable.

    The solution is to update to 2.11.10 or 3.0.0 and above.
     
  9. DrakonHaSh

    DrakonHaSh

    Joined:
    29 Jun 2010
    Posts:
    358
    Likes:
    122
  10. SNiKE

    SNiKE Regular

    Joined:
    27 Apr 2007
    Posts:
    50
    Likes:
    13
    The exploit has been public for about half a year already; it's just a polished variant of this:
    http://www.gnucitizen.org/static/blog/2009/06/phpmyadminrcesh.txt
    In the old-fashioned way, the bug is used through code execution in __destruct() after user data ends up in unserialize()
    Actually I was wildly surprised to get an email from fastvps, surprised that they raised the alarm)) I won't describe the gist, I think plenty has already been written about it online, but even though the bug applies only up to version 2.11.10, the exploit won't lose its relevance for a long time yet (I hope), though of course not without the help of skilled hands))
     