A critical vulnerability has been found in phpMyAdmin, one of the most popular applications for managing MySQL databases. It allows remote attackers to perform dangerous database operations simply by tricking an administrator into clicking a link.
The vulnerability, discovered by Indian security researcher Ashutosh Barot, is a cross-site request forgery (CSRF) flaw affecting phpMyAdmin 4.7.x releases before 4.7.7.
Cross-site request forgery, also known as XSRF, is an attack in which an attacker tricks an authenticated user into performing unwanted actions.
As phpMyAdmin's advisory warns, “users who click on a crafted URL can be tricked into performing harmful database operations, such as deleting records, dropping/truncating tables, and so on.”
phpMyAdmin is a free, open source administration tool for MySQL and MariaDB and is often used to manage the databases of sites built on WordPress, Joomla, and many other content management platforms.
Many hosting providers also bundle phpMyAdmin to give their customers a convenient way to manage their databases.
Barot also published a video showing how a remote attacker can make a database administrator unknowingly drop an entire table from the database (DROP TABLE) simply by getting them to click a specially crafted link.
“A feature of phpMyAdmin was using a GET request, and after that a POST request, for database operations such as DROP TABLE table_name; GET requests must be protected against CSRF attacks. In this case, POST requests were sent through the URL (for bookmarking purposes, maybe), so it was possible for an attacker to trick a database admin into clicking a button and executing a database query of the attacker's choice on the database,” Barot explains in a blog post.
However, carrying out this attack is not as easy as it may seem. To build the URL for a CSRF attack, the attacker must know the name of the target database and table.
“When a user performs a database operation by clicking ‘Insert’, ‘DROP’, etc., the URL contains the database name and the table name,” says Barot. “This vulnerability can lead to the disclosure of sensitive information, since the URL is stored in various places such as browser history, SIEM logs, firewall logs, ISP logs, etc.”
Barot reported the vulnerability to the phpMyAdmin developers, who confirmed his findings and released phpMyAdmin 4.7.7 to fix the issue. Administrators are strongly encouraged to update their installations as soon as possible.
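As an added illustration (not code from phpMyAdmin or from Barot's write-up), the following Python model shows the two defensive points the article makes: a state-changing action that refuses GET requests and validates a per-session anti-CSRF token, and a redaction step for request URLs that carry database and table names before they reach browser history, SIEM or firewall logs. The parameter names `db`, `table`, `sql_query` and `token`, the session store and the sample URL are assumptions constructed for the example.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit


# Hypothetical session store standing in for the application's own (assumption).
def new_session() -> dict:
    return {"csrf_token": secrets.token_hex(16)}


def handle_drop_table(method: str, params: dict, session: dict) -> str:
    """Model of a state-changing 'drop table' endpoint hardened against the
    pattern described above. A link click can only ever produce a GET, so the
    action is refused unless it arrives by POST *and* carries the per-session
    anti-CSRF token; the token comparison is constant-time."""
    if method != "POST":
        return "rejected: state change attempted via GET"
    sent = params.get("token", "")
    if not hmac.compare_digest(sent, session["csrf_token"]):
        return "rejected: missing or invalid CSRF token"
    # No real database here; a real handler would run the query at this point.
    return f"executed: drop of {params['db']}.{params['table']}"


# Query-string keys that reveal the target or the statement (names assumed).
SENSITIVE_KEYS = {"db", "table", "sql_query", "token"}


def redact_url_for_log(url: str) -> str:
    """Strip database/table names and the statement from a request URL before it
    is written to access, SIEM or firewall logs, so a leaked log does not reveal
    the names an attacker would need to build the CSRF link."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    cleaned = {k: (["REDACTED"] if k in SENSITIVE_KEYS else v) for k, v in query.items()}
    return urlunsplit(parts._replace(query=urlencode(cleaned, doseq=True)))


if __name__ == "__main__":
    s = new_session()
    # Constructed requests: a GET from a link click, a POST without the token, a valid POST.
    print(handle_drop_table("GET", {"db": "shop", "table": "orders"}, s))
    print(handle_drop_table("POST", {"db": "shop", "table": "orders", "token": "guess"}, s))
    print(handle_drop_table("POST", {"db": "shop", "table": "orders", "token": s["csrf_token"]}, s))
    print(redact_url_for_log("https://pma.example/sql.php?db=shop&table=orders&sql_query=DROP+TABLE+orders&lang=en"))
```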