<<< Date Index >>>     <<< Thread Index >>>

about recent phpMyAdmin "vulnerabilities"



Hi,
On 2007-08-10, an advisory was published:

http://www.securityfocus.com/bid/25268

I don't consider these exploits to be a threat at all, because an attacker has to know in advance the victim's phpMyAdmin token, which is generated with

md5(uniqid(rand(), true))

Marc Delisle
phpMyAdmin project