Another Major Security Hole Revealed by Yahoo and Google

Thread Title:
export processes language changelog phpmyadmin
Thread Description:
Hot on the heels of the recent Google unsecured Webcams search news comes word via rumours@threadwatch.org of an even more serious security breach made available by search engine queries.
The latest discovery is that you can search for export processes language changelog phpmyadmin at Yahoo and return a list of open, vulnerable MySQL database servers.
In the wrong hands, and with a little advanced search knowledge, that query can be tweaked to find ecom sites and all manner of havoc wreaked.
Yahoo! have been alerted, but at the moment the vulnerability is still easily found. This is not Yahoo's fault of course; this is a problem with the hugely popular Open Source MySQL database and the way in which it has been deployed on some websites. The search just highlights those servers able to be manipulated.
You can do the same search on Google, but it's less accessible as you have to add filter=0 to the end of the URL string.

ADDED: Testing 1,2,3....

I've just tested this on a staged install by a friend and can assert that it works well. I was able to delete tables and access data very simply.

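For administrators checking their own installs for the misconfiguration this thread describes, here is an added example (not part of the original thread): a Python audit of a phpMyAdmin `config.inc.php` for settings that let a visitor in without a password prompt. The setting names are phpMyAdmin's own; the `audit` function, the finding codes and the sample config are constructed for illustration.

```python
import re

# Per-server assignments, e.g. $cfg['Servers'][$i]['auth_type'] = 'config';
SETTING = re.compile(r"\$cfg\['Servers'\]\[\$i\]\['(\w+)'\]\s*=\s*(.*?)\s*;")
# Block comments and whole-line // or # comments, so disabled settings are ignored.
COMMENT = re.compile(r"/\*.*?\*/|^[ \t]*(?://|#)[^\n]*", re.S | re.M)

def parse_value(raw):
    """Turn a PHP literal (quoted string or true/false) into a Python value."""
    if raw.lower() in ("true", "false"):
        return raw.lower() == "true"
    return raw.strip("'\"")

def audit(config_text):
    """Return (server_number, code, message) for each password-less access path."""
    findings = []
    text = COMMENT.sub("", config_text)
    # phpMyAdmin configs start each server block with "$i++;"
    for n, block in enumerate(re.split(r"\$i\+\+\s*;", text)):
        s = {k: parse_value(v) for k, v in SETTING.findall(block)}
        if not s:
            continue
        if s.get("auth_type") == "config":
            findings.append((n, "AUTO_LOGIN",
                             "auth_type 'config': visitors are logged in with stored credentials"))
            if s.get("password", "") == "":
                findings.append((n, "EMPTY_PASSWORD",
                                 "stored user %r has an empty password" % s.get("user", "")))
        if s.get("AllowNoPassword") is True:
            findings.append((n, "ALLOW_NO_PASSWORD",
                             "logins to MySQL accounts without a password are permitted"))
    return findings

# Constructed sample: server 1 is wide open, server 2 prompts for credentials.
SAMPLE = r"""<?php
$i = 0;
$i++;
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['AllowNoPassword'] = true;
$i++;
$cfg['Servers'][$i]['auth_type'] = 'cookie';
// $cfg['Servers'][$i]['AllowNoPassword'] = true;
$cfg['Servers'][$i]['AllowNoPassword'] = false;
"""

if __name__ == "__main__":
    for n, code, msg in audit(SAMPLE):
        print("server %d: %s: %s" % (n, code, msg))
```

A clean result only covers these settings; the MySQL accounts themselves still need passwords, and the phpMyAdmin directory still needs access restrictions at the web server.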

Why not have an employee doing it

I really don't understand why G and Y! don't have employees looking out for such stuff. I think the negative press has more impact on the companies than paying a few, or at least one person looking out for such stuff full-time. Especially "tech companies" should be able to find such stuff on their own.


New Scientist

Hackers turn to Google to find weakest links
10:10 01 August 2003

http://www.newscientist.com/article.ns?id=dn4002


open [not password protected] MySQL servers, from

Another Major Security Hole Revealed by Yahoo and Google: Nick W ran yahoo and google searches and discovered many MySQL servers running without access limited by passwords, which servers' databases can be queried and manipulated through phpmyadmin. ...


Well

Ouch! I guess that things like this go with the territory of using out of the box generic popular tools... Although, it's hardly fair to expect the SE's to be responsible for poor website/server security admin.