

PhpMyAdmin Mirror Distributing Backdoored App - mike-cardwell
http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php

======
tedchs
Looking at the ridiculously high number of security bulletins at
<http://www.phpmyadmin.net/home_page/security/> would seem to indicate
PhpMyAdmin is _itself_ a backdoor.

PLEASE don't expose this app to the entire Internet if you use it... "Order
Deny,Allow / Allow from m.y.i.p / Deny from all" is your friend.

------
EwanToo
An exploit has been added to metasploit already

[https://github.com/rapid7/metasploit-
framework/commit/3ade5a...](https://github.com/rapid7/metasploit-
framework/commit/3ade5a07e7bb1b1f915a6421f3f1df0895e6f16d)

------
kstop
Wot, no hash check?

