| field | value | date |
|---|---|---|
| author | mo khan <mo@mokhan.ca> | 2016-02-16 17:37:07 -0700 |
| committer | mo khan <mo@mokhan.ca> | 2016-02-16 17:37:07 -0700 |
| commit | 29a2a22e6754c834543f29fcd336a3437fe30c4f (patch) | |
| tree | 03dd1b0757aaa0eefa10ce419bdea4fc9f27eb88 | |
| parent | e357ed7d32d00f066bb14511ab9863865d08bf2d (diff) | |
add phpMyAdmin vulnerability.
| mode | file | type | change |
|---|---|---|---|
| -rw-r--r-- | report/images/ultimatelamp-php-myadmin.png | bin | 0 -> 263386 bytes |
| -rw-r--r-- | report/template.tex | | 41 |
2 files changed, 41 insertions, 0 deletions
diff --git a/report/images/ultimatelamp-php-myadmin.png b/report/images/ultimatelamp-php-myadmin.png Binary files differnew file mode 100644 index 0000000..dbaacee --- /dev/null +++ b/report/images/ultimatelamp-php-myadmin.png diff --git a/report/template.tex b/report/template.tex index d4b98a2..e5fb134 100644 --- a/report/template.tex +++ b/report/template.tex @@ -116,6 +116,7 @@ of key web applications and user data. \item Root access to MySQL server \item Vulnerable Wordpress Spreadsheet Plugin \item Default Tomcat Installation + \item PHPMyAdmin root Access \end{enumerate} The following sections details the penetration testing results and provides @@ -132,6 +133,7 @@ recommendations to remediate the issues identified. High & Root access to MySQL server. & Disable mysql root account. \\ \hline Medium & Vulnerable Wordpress Spreadsheet Plugin. & Disable vulnerable plugin or upgrade. \\ \hline High & Default Tomcat Installation & Change default tomcat installation. \\ \hline + High & PHPMyAdmin root Access & Secure access to phpMyAdmin. \\ \hline \hline \end{tabular} \end{center} 
@@ -582,6 +584,45 @@ ability to run shell commands on this host. %\subsection{Attacker Control of Archmake Transactions} \newpage +\section{PHPMyAdmin root Access} + +\begin{description} + \item[Severity] High + \item[Impact] Full data loss. + \item[Affected Resources/System] http://ultimatelamp.sait230.ca/phpmyadmin/ + \item[Summary] PHPMyAdmin root Access +\end{description} + +\paragraph{PHPMyAdmin} +The PHPMyAdmin page is not secured and allows public access. This allows +any user on the network with a browser to connect to get a dump of all user +data defined in all databases hosted on this server. It allows +users to view system variables, view running processes, add users, drop +databases, export databases, import databases as well as many other functions. + +\begin{figure}[h!] + \includegraphics[width=\linewidth]{images/ultimatelamp-php-myadmin.png} + \caption{PHPMyAdmin dashboard.} + \label{fig:ultimatelamp-phpmyadmin} +\end{figure} + +\paragraph{Recommendation} + +\begin{enumerate} + \item Disable remote root access to PHPMyAdmin. + \item Restrict which IP addresses can connect to PHPMyAdmin. + \item Enable SSL only access to PHPMyAdmin. + \item Change alias name `phpmyadmin' to something less obvious. +\end{enumerate} + +\paragraph{References} + +\begin{enumerate} + \item http://docs.phpmyadmin.net/en/latest/config.html + \item https://gist.github.com/Exadra37/8708006 +\end{enumerate} + +\newpage \section{Appendix A: Reconnaissance} In order to get an understanding of what hosts are active on the network the first step |
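Review bot: in the @@ -116 hunk the new enumerate item is spelled "PHPMyAdmin root Access", while the commit message and the screenshot filename use the project's own spelling "phpMyAdmin"; pick one spelling and one capitalisation of "Access" and use it consistently in this list, the summary table row and the new \section title, since all three are added in this commit.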
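Review bot: in the @@ -132 hunk the new row's remediation "Secure access to phpMyAdmin." is vaguer than the neighbouring rows ("Disable mysql root account.", "Disable vulnerable plugin or upgrade.") and does not tell a reader what to do; summarise the concrete recommendations instead, e.g. "Restrict phpMyAdmin to trusted IPs over SSL and disable root login." The row also sits directly under the existing "Root access to MySQL server" finding with the same High severity; if the phpMyAdmin root login is the same root account, say so in the table (or in the section) so the two findings are not counted as independent issues.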
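Review bot: in the @@ -582 hunk the new section never states how root access was obtained (no login prompt at all, a blank root password, or the same credentials as the existing "Root access to MySQL server" finding), yet the title and the first recommendation both hinge on that; add one sentence of evidence under \paragraph{PHPMyAdmin} and cross-reference the MySQL root finding so a reader can tell whether fixing one closes the other. The \item[Summary] line only repeats the section title; make it a one-line description such as "phpMyAdmin is reachable by anyone on the network and grants root-level access to every database". \item[Impact] says "Full data loss" while the body describes dumping all user data, so the impact is also a full confidentiality breach; state both. Recommendation 4 (renaming the `phpmyadmin' alias) is obscurity rather than a control and should be marked as defence-in-depth behind items 1 to 3; item 1 could point at the specific server directive in the cited config.html (AllowRoot) so the fix is reproducible. Finally, the bare URLs in the References enumerate will not be hyperlinked or line-broken by LaTeX; wrap them in \url{} (url or hyperref package).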
