phpMyAdmin CSRF vulnerability explained

phpMyAdmin is a widely used MySQL database manager, and most WordPress users know this software. Recently a CSRF (Cross-Site Request Forgery) vulnerability was found by Indian security researcher Ashutosh Barot in phpMyAdmin versions 4.7.x (before 4.7.7). Soon after the information about this vulnerability was released, users reacted, and it caused some sharp discussions in the forums. However, the biggest problem is that only a few people tried to understand how it really works.

CSRF vulnerability explained

First of all, let's talk about the CSRF vulnerability type. A Cross-Site Request Forgery vulnerability allows an attacker to trick a logged-in web application administrator, or any user with sufficient rights, into performing a predefined action without knowing it. The attacker prepares a specially crafted link that carries the parameters needed to execute the preset operation. By clicking such a link, the authenticated user sends the malicious request to the web application; the browser attaches the user's session cookie automatically, so the application treats the forged request as the user's own.

In this case, phpMyAdmin accepted state-changing operations through GET requests that were not protected against Cross-Site Request Forgery.
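As an added illustration (not phpMyAdmin's own code, and not a description of the 4.7.7 fix), the following Python guard shows the three server-side checks a defender would want on a request that submits an SQL statement: refuse state changes on GET, reject a foreign Origin, and require a per-session anti-CSRF token. The request shape, the origin `https://db.example.test` and the sample traffic are all constructed for this example.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Hypothetical request shape (constructed): {"method", "url", "headers", "form"}.
OWN_ORIGIN = "https://db.example.test"  # assumed origin of the phpMyAdmin instance


def issue_token(session):
    """Store a fresh random anti-CSRF token in the server-side session and return it."""
    session["csrf_token"] = secrets.token_hex(32)
    return session["csrf_token"]


def check_request(request, session):
    """Return (allowed, reason). Any request carrying sql_query is treated as state-changing."""
    method = request["method"].upper()
    query = parse_qs(urlsplit(request["url"]).query)
    form = request.get("form", {})
    if "sql_query" not in query and "sql_query" not in form:
        return True, "read-only request"
    # 1. A crafted link is a GET: refuse state changes on GET outright.
    if method != "POST":
        return False, "state-changing action via GET refused"
    # 2. Browsers attach Origin to cross-site POSTs; a foreign origin is rejected.
    origin = request.get("headers", {}).get("Origin")
    if origin is not None and origin != OWN_ORIGIN:
        return False, "cross-site Origin rejected"
    # 3. The submitted token must match the per-session secret (constant-time compare).
    expected = session.get("csrf_token", "")
    if not expected or not hmac.compare_digest(form.get("token", ""), expected):
        return False, "missing or invalid CSRF token"
    return True, "ok"


# Constructed sample traffic: the crafted-link shape the article describes, a read-only
# page load, and a legitimate form submission that carries the session token.
FORGED_LINK = {"method": "GET", "headers": {},
               "url": "https://db.example.test/sql.php?db=wordpress&table=wp_users"
                      "&sql_query=DROP+TABLE+wp_users"}
READ_ONLY = {"method": "GET", "headers": {},
             "url": "https://db.example.test/db_structure.php?db=wordpress"}


def legitimate_submit(session):
    return {"method": "POST", "headers": {"Origin": OWN_ORIGIN},
            "url": "https://db.example.test/sql.php",
            "form": {"db": "wordpress", "sql_query": "SELECT 1",
                     "token": session["csrf_token"]}}
```

The crafted link fails at the first check even when the victim is logged in, which is exactly the gap the article describes; the token check additionally stops a cross-site auto-submitted form that a browser sends without an Origin header.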

Conditions required to exploit phpMyAdmin CSRF vulnerability

This is the best part about this vulnerability: exploiting it looks hardly possible because of the required conditions. The attack is possible only if the user is logged in to phpMyAdmin and clicks the crafted link. But there is another problem. An attacker needs to know several things to prepare the malicious link: the URL of the phpMyAdmin instance, the database name and the name of the table he wants to delete (for example). And it is quite hard to hit a logged-in user with the proper link at the right time. All of this looks like waiting for a planetary alignment: it happens sometimes, but usually you might expect it in several thousand years.

So don't panic. It is not a critical security issue unless you like to stay logged in to phpMyAdmin and have an obsession with clicking every link regardless of its origin. Otherwise, common sense and compliance with simple security rules will protect you from such attacks.

Alternative attack scenario

However, combining several types of attack could increase the chance of CSRF success, for example by combining social engineering and clickjacking. In this case, everything starts with social engineering: the attacker tricks a phpMyAdmin user into clicking a link on a clickjacking site (UI redress attack), hoping that the user has the password saved in the browser. If this step succeeds, it is possible to continue with the CSRF attack.

To conclude, we would like to remind you that the success of such attacks depends mostly on the user's approach to security, because these attacks are based on the irresponsible behaviour of web application users. Don't stay logged in to the application when you are not using it, and don't click on suspicious links.

Darius S.
