An Indian security researcher, Ashutosh Barot, discovered a vulnerability that affects phpMyAdmin.
phpMyAdmin, one of the most popular applications for managing MySQL databases, has a cross-site request forgery (CSRF) vulnerability in versions 4.7.x prior to 4.7.7. This critical flaw allows remote attackers to perform database operations simply by tricking website administrators into clicking a link.
According to an advisory released by phpMyAdmin: "by deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables, etc."
Barot has released a video in which he demonstrated how a remote attacker can make database administrators unknowingly delete (DROP) an entire table from the database just by tricking them into clicking a specially crafted link.
"A feature of phpMyAdmin was using a GET request and after that POST request for Database operations such as DROP TABLE table_name; GET requests must be protected against CSRF attacks. In this case, POST requests were used which were sent through URL (for bookmarking purposes, maybe); it was possible for an attacker to trick a database admin into clicking a button and perform a drop table database query of the attacker's choice," explained Barot in a blog post.
However, performing this attack is not at all simple. An attacker who wants to build a CSRF URL needs to know the name of the targeted database and table, and obtaining that information should be difficult in the first place.
But if they managed to get their hands on the information, the result can be devastating.
"If a user executes a query on the database by clicking insert, DROP, etc. buttons, the URL will contain database name and table name," Barot says. "This vulnerability can result in the disclosure of sensitive information as the URL is stored at various places such as browser history, SIEM logs, Firewall Logs, ISP Logs, etc."
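Because the query travels in the URL, the same logs Barot mentions also let a defender spot the pattern after the fact. The following added example (not code from phpMyAdmin or from the researcher) scans combined-format web server access log lines for GET requests to an admin path whose query string carries a destructive SQL statement; the `/phpmyadmin/` path prefix, the `handler.php` script name and the `sql_query` parameter name are assumptions, and the log lines are constructed.

```python
"""Flag GET requests whose query string carries destructive SQL.

Added example: the path prefix, script name and parameter names below are
assumptions for illustration, not values taken from phpMyAdmin.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Apache/nginx combined log format: ip ident user [ts] "METHOD url proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) \S+" (?P<status>\d{3})'
)
# Statements that change or destroy data and should never ride in a GET URL.
DESTRUCTIVE_RE = re.compile(r'\b(DROP|TRUNCATE|DELETE|ALTER)\b', re.IGNORECASE)


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_sql_in_get(line, path_prefix="/phpmyadmin/"):
    """Return (ip, timestamp, parameter, decoded value) when the line is a GET
    under path_prefix carrying a destructive statement in any parameter."""
    rec = parse_line(line)
    if rec is None or rec["method"] != "GET":
        return None
    parts = urlsplit(rec["url"])
    if not parts.path.startswith(path_prefix):
        return None
    # parse_qs percent-decodes and turns '+' into spaces, so encoded payloads match too.
    for key, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            if DESTRUCTIVE_RE.search(value):
                return rec["ip"], rec["ts"], key, value
    return None


def scan(lines, path_prefix="/phpmyadmin/"):
    """Return every hit found in an iterable of log lines."""
    return [h for h in (find_sql_in_get(l, path_prefix) for l in lines) if h]


# Constructed sample log: one DROP in a GET, one POST, one harmless SELECT,
# one unrelated page, and one percent-encoded TRUNCATE with an external referer.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2018:14:03:21 +0000] "GET /phpmyadmin/handler.php?db=shop&table=orders&sql_query=DROP+TABLE+orders HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jan/2018:14:03:40 +0000] "POST /phpmyadmin/handler.php HTTP/1.1" 200 901 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jan/2018:14:04:02 +0000] "GET /phpmyadmin/handler.php?db=shop&table=orders&sql_query=SELECT+*+FROM+orders HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2018:14:04:30 +0000] "GET /blog/?s=drop+table HTTP/1.1" 200 3310 "-" "Mozilla/5.0"',
    '198.51.100.7 - admin [10/Jan/2018:14:05:02 +0000] "GET /phpmyadmin/handler.php?db=shop&table=users&sql_query=TRUNCATE%20TABLE%20users HTTP/1.1" 302 0 "http://evil.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, key, value in scan(SAMPLE_LOG):
        print(f"{ts} {ip} GET carried {key}={value!r}")
```

A hit whose referer is an external site, as in the last sample line, is the shape a CSRF-driven request would leave behind.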
phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL and MariaDB over the web.
It's popular with many hosting providers, which offer phpMyAdmin as a convenient way for customers to organize their databases. phpMyAdmin is widely used to manage the databases of websites built with content management systems such as WordPress, Drupal and Joomla.
Barot has reported this vulnerability to phpMyAdmin developers, who confirmed his finding and released phpMyAdmin 4.7.7 to address this issue.