Malicious phpMyAdmin served from SourceForge mirror
Posted on 25 September 2012.
A malicious version of the open source Web-based MySQL database administration tool phpMyAdmin has been discovered on one of the official mirror sites of SourceForge, the popular online code repository for free and open source software.


The phpMyAdmin team was notified of the issue by the Tencent Security Response Center and immediately put up a warning for its users. It then alerted the team at SourceForge, which mounted an investigation into the matter.

"On September 25th, SourceForge became aware of a corrupted copy of phpMyAdmin being served from the ‘cdnetworks-kr-1’ mirror in Korea. This mirror was immediately removed from rotation," Rich Bowen, the Community Growth Hacker at SourceForge, confirmed on the site's blog.

"The mirror provider has confirmed the attack vector has been identified and is limited to their mirror; with exploit having occurred on or around September 22nd."

The file - phpMyAdmin-3.5.2.2-all-languages.zip - was modified to include a backdoor that allowed attackers to remotely execute PHP code on the server running the malicious version of phpMyAdmin.

According to their logs, some 400 users downloaded the corrupted file, and those who could be tracked down via those logs were immediately alerted.

"Downloaders are at risk only if a corrupt copy of this software was obtained, installed on a server, and serving was enabled. Examination of web logs and other server data should help confirm whether this backdoor was accessed," Bowen instructs.

"It is our recommendation that downloaders of this corrupted file (which contains ‘server_sync.php’) assess risk and take action as they deem appropriate, including deletion of the corrupted file and downloading a fresh copy."

For the time being, it appears that only that one file was corrupted, but the investigation continues.
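The check Bowen describes (look for 'server_sync.php' on disk and in web logs) can be scripted. The following is an added example, not code from SourceForge or the phpMyAdmin project; it assumes Apache/nginx common or combined log format, the function names are hypothetical, and the sample log lines are constructed.

```python
import os
import re
from urllib.parse import urlsplit, unquote

BACKDOOR_NAME = "server_sync.php"  # file name given in the SourceForge statement

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def find_backdoor_files(root):
    """Return paths under root whose file name is exactly server_sync.php."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files if f.lower() == BACKDOOR_NAME]
    return sorted(hits)

def scan_access_log(lines):
    """Return (ip, time, method, status) for each request to server_sync.php."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Drop the query string and decode %-escapes before comparing the name.
        path = unquote(urlsplit(m["target"]).path)
        if path.rsplit("/", 1)[-1].lower() == BACKDOOR_NAME:
            hits.append((m["ip"], m["time"], m["method"], int(m["status"])))
    return hits

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '198.51.100.7 - - [24/Sep/2012:03:11:09 +0000] "POST /phpmyadmin/server_sync.php HTTP/1.1" 200 312',
    '203.0.113.5 - - [24/Sep/2012:03:12:40 +0000] "GET /phpmyadmin/index.php?token=abc HTTP/1.1" 200 8120',
    '198.51.100.7 - - [24/Sep/2012:03:13:02 +0000] "GET /pma/server%5Fsync.php?x=1 HTTP/1.1" 404 210',
    # Similarly named path that must not match the exact file name.
    '203.0.113.5 - - [24/Sep/2012:03:14:00 +0000] "GET /phpmyadmin/server_synchronize.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        # A 200 means the file existed and answered; a 404 is a request that found nothing.
        print(hit)
```

A hit with a 2xx status on a host where `find_backdoor_files` also reports the file is the case that warrants treating the server as accessed through the backdoor.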






Copyright 1998-2014 by Help Net Security.