
phpmyadmin vulnerability

Posted: Thu Jan 05, 2012 4:55 pm
by Acidshock
I know there is a probability that this is well known by everyone already... but there is a nasty phpmyadmin bug that allows the user to exploit the php eval() function. Allows them to gain control of your box. I have had several boxes get nailed hard by this one including a vicibox install.

http://poc-hack.blogspot.com/2011/08/ph ... -3431.html

Posted: Thu Jan 05, 2012 6:35 pm
by williamconley
which is why we lock the phpmyadmin folder with a password.

Posted: Mon Jan 09, 2012 8:42 am
by DomeDan
Server:
Redux 3.1.9
phpmyadmin: Version information: 3.3.8.1

Client:
$ php -v
PHP 5.3.3-7+squeeze3 with Suhosin-Patch (cli) (built: Jun 28 2011 13:13:26)
$ php -i | grep -i 'curl info'
cURL Information => 7.21.0

$ php 48563.txt http://x.x.x.x/phpMyAdmin
[i] Running...
[*] Contacting server to retrive session cookie and token.
[!] Fail. Host not vulnerable. Web server writable folder http://x.x.x.x/phpMyAdmin/config/ does not exsist.
[*] Exiting...

more info about the vulnerabilities http://ha.xxor.se/2011/07/phpmyadmin-3x ... -code.html

Posted: Mon Jan 09, 2012 1:04 pm
by williamconley
1 piece of software declaring a server safe does not make it so.

also, i'm not sure how much i trust an app that misspells retrive.

i have had client systems broken into with the latest phpmyadmin installation (more than one). I suspect those would pass many tests ... but not this particular hacker. LOL

until AFTER we lock down the folder with an apache password ... then the problems seem to never come up. Don't know if the hacker goes away forever or if he bangs against the wall and fails. All I know is that none of our systems ship with unlocked phpmyadmin folder and all our existing clients who experience any issues at all have them locked immediately.

so far so good.
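
Added example, not part of any post in this thread and not code from phpMyAdmin or Vicidial: a local audit of the two things discussed above, whether the config/ folder named in the quoted tool output exists under the install, and whether the folder has the Apache password lock. The install path, htpasswd path and function names are hypothetical, and the sample configuration is constructed.

```python
import os
import re

# Constructed sample: an Apache <Directory> block locking a hypothetical install path.
LOCKED_CONF = """
<Directory "/srv/www/htdocs/phpMyAdmin">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /etc/apache2/htpasswd-pma
    Require valid-user
</Directory>
"""

DIR_BLOCK = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>',
                       re.IGNORECASE | re.DOTALL)

def has_auth(directives):
    """True if the text has AuthType plus a Require that demands a login."""
    lines = [l.strip().lower() for l in directives.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    wants_login = ("require valid-user", "require user ", "require group ")
    return (any(l.startswith("authtype ") for l in lines)
            and any(l.startswith(wants_login) for l in lines))

def covers(block_path, install_dir):
    """True if the <Directory> path is the install dir or one of its parents."""
    block, inst = os.path.normpath(block_path), os.path.normpath(install_dir)
    return inst == block or inst.startswith(block.rstrip(os.sep) + os.sep)

def audit(install_dir, apache_conf):
    """Return a list of findings for one phpMyAdmin install directory."""
    findings = []
    # 1) The config/ folder that the tool output quoted in the thread looks for.
    cfg = os.path.join(install_dir, "config")
    if os.path.isdir(cfg):
        findings.append("config/ directory present")
        # os.access tests the current user; run as the web server account.
        if os.access(cfg, os.W_OK):
            findings.append("config/ directory writable")
    # 2) The password lock: a covering <Directory> block or a local .htaccess.
    locked = any(covers(p, install_dir) and has_auth(body)
                 for p, body in DIR_BLOCK.findall(apache_conf))
    htaccess = os.path.join(install_dir, ".htaccess")
    if not locked and os.path.isfile(htaccess):
        with open(htaccess) as fh:
            locked = has_auth(fh.read())
    if not locked:
        findings.append("no password lock found")
    return findings
```

A .htaccess file only takes effect when the server's AllowOverride setting permits authentication directives, so a lock found only there should be confirmed by requesting the folder and checking for a 401 response.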

Posted: Mon Jan 09, 2012 1:36 pm
by DomeDan
of course it's not safe, I would never expose my vicidial-server to the internet anyway.
But as long as there's other clients on my network, I'm still not completely safe.

Just trying this one out because of curiosity and thought I might as well post the result here :P
regarding the spelling, first thing I noticed was "exsist" which looks a bit silly.