This morning, going over the logs, I found this:
Host: 203.217.41.124 Url: /modules/phpmyadmin/admin/sql.php?lang=en-iso-8859-1&server=1&db=supernix_xoops&table=xoops_config&goto=tbl_properties.php&back=tbl_properties.php&sql_query=SELECT+%2A+FROM+%60xoops_config%60&pos=0&PHPSESSID=aed13a2e3e593f9d7c893a483bf3481e Http Code : 200
Date: May 28 03:15:17 Http Version: HTTP/1.1 Size in Bytes: 244435
Referer:
http://www.dnspad.com/modules/phpmyadmin/admin/sql.php?lang=en-iso-8859-1&server=1&db=supernix_xoops&table=xoops_config&goto=tbl_properties_structure.php&back=tbl_properties_structure.php&sql_query=SELECT+%2A+FROM+%60xoops_config%60&pos=0&PHPSESSID=aed13a2e3e593f9d7c893a483bf3481e Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; YComp 5.0.0.0; .NET CLR 1.0.3705)
And when I went to that URL, it showed phpMyAdmin and the table, with options to manipulate the tables and such.
And shortly before that I found this:
Host: 210.50.219.22 Url: /modules/phpmyadmin/admin/index.php Http Code : 200
Date: May 28 03:13:41 Http Version: HTTP/1.1 Size in Bytes: 642
Referer: - Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
So I don't know if it is a problem with XOOPS or the phpMyAdmin module or XOOPS.
I have taken the phpMyAdmin module completely off the server to avoid any further cause for concern. But it sorta looks like to me that someone found a way to use the phpMyAdmin module to get access to the database.
Steve,
http://www.dnspad.com/
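Added example, not part of the original post: a small Python check for logs in the layout quoted above. It lists requests under the phpMyAdmin module path that the server actually served (2xx) and, going slightly beyond the excerpt, reports any PHPSESSID carried in a URL that shows up from more than one host. The sample log, addresses and session id are constructed; the function name `review` is hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the same layout as the log excerpt above
# (documentation-range addresses and a made-up session id).
SAMPLE_LOG = """\
Host: 192.0.2.10 Url: /modules/phpmyadmin/admin/index.php Http Code : 200
Date: May 28 03:13:41 Http Version: HTTP/1.1 Size in Bytes: 642
Host: 198.51.100.7 Url: /modules/phpmyadmin/admin/sql.php?server=1&db=example_db&PHPSESSID=0123456789abcdef0123456789abcdef Http Code : 200
Date: May 28 03:15:17 Http Version: HTTP/1.1 Size in Bytes: 244435
Host: 192.0.2.10 Url: /modules/phpmyadmin/admin/sql.php?server=1&PHPSESSID=0123456789abcdef0123456789abcdef Http Code : 200
Host: 203.0.113.5 Url: /modules/news/index.php Http Code : 200
Host: 203.0.113.9 Url: /modules/phpmyadmin/admin/index.php Http Code : 404
"""

RECORD = re.compile(r"Host:\s*(\S+)\s+Url:\s*(\S+)\s+Http Code\s*:\s*(\d{3})")
ADMIN_PREFIX = "/modules/phpmyadmin/"  # module path as it appears in the excerpt

def review(log_text, prefix=ADMIN_PREFIX):
    """Return (hits, shared): served admin requests, and session ids seen from >1 host."""
    hits = []                      # (host, path, status) for 2xx responses
    sid_hosts = defaultdict(set)   # PHPSESSID value -> hosts that sent it in a URL
    for m in RECORD.finditer(log_text):
        host, url, status = m.group(1), m.group(2), int(m.group(3))
        parts = urlsplit(url)
        if not parts.path.lower().startswith(prefix):
            continue               # not the admin module, ignore
        if 200 <= status < 300:
            hits.append((host, parts.path, status))
        for sid in parse_qs(parts.query).get("PHPSESSID", []):
            sid_hosts[sid].add(host)
    shared = {sid: sorted(h) for sid, h in sid_hosts.items() if len(h) > 1}
    return hits, shared

if __name__ == "__main__":
    hits, shared = review(SAMPLE_LOG)
    for host, path, status in hits:
        print(f"served {status}: {host} -> {path}")
    for sid, hosts in shared.items():
        print(f"session id in URL sent by several hosts: {sid[:8]}... {hosts}")
```

A session id in the query string is copied into the Referer header of any follow-on request, which is why the second output is worth reviewing alongside the first.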