Exposed database managers may be abused

by Team Sansec

Published in Guides

eComscan searches for installed database managers, such as Adminer, phpMyAdmin and phpMiniAdmin. These scripts are a common attack vector for eCommerce stores. They pose two risks:

  1. A database manager opens up an extra line of access to your database. Attackers are often found to install such a database manager themselves to ensure future access (a backdoor). Normally, database managers require a database password to operate; however, these passwords are often retrieved via other means.

  2. Under certain conditions, even a properly password-protected database manager can be exploited to gain access. This technique abuses a flaw in the MySQL protocol. See our labs research for more information.

We recommend not installing any of these database managers on your production system. If you do need them, remove them after use.
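To check a web root for leftover or planted database managers, the following added example (not Sansec's code, and not a description of how eComscan works) walks a directory and flags PHP files that look like Adminer, phpMyAdmin or phpMiniAdmin. It matches on file content so that renamed copies are also found; the marker strings, function names and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Heuristic content markers: assumptions for this example, not eComscan's rules.
SIGNATURES = {
    "Adminer": re.compile(rb"adminer\.org|Adminer - Compact database management", re.I),
    "phpMyAdmin": re.compile(rb"phpMyAdmin", re.I),
    "phpMiniAdmin": re.compile(rb"PHP Mini MySQL Admin|phpminiadmin", re.I),
}
NAME_HINT = re.compile(r"adminer|phpmyadmin|phpminiadmin", re.I)
MAX_READ = 256 * 1024  # inspect only the head of each file


def scan_webroot(root):
    """Return sorted (relative_path, product, reason) tuples for suspected database managers."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml")):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(MAX_READ)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            rel = os.path.relpath(path, root)
            product = next((p for p, rx in SIGNATURES.items() if rx.search(head)), None)
            if product:
                findings.append((rel, product, "content"))  # also catches renamed copies
            elif NAME_HINT.search(name):
                findings.append((rel, "unknown", "filename"))  # name only: review manually
    return sorted(findings)


def demo():
    """Scan a constructed web root: a renamed Adminer copy, a name-only hit, a benign file."""
    samples = {  # constructed sample files, not real product code
        "index.php": b"<?php echo 'storefront';",
        "media/cache_helper.php": b"<?php /** Adminer - Compact database management\n* @link https://www.adminer.org/ */",
        "pub/phpminiadmin.php": b"<?php // stripped header (constructed)",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return scan_webroot(root)
```

Treat every hit as a lead to review rather than a verdict: a content match on a file with an unrelated name, such as `media/cache_helper.php` in the sample, is the case that most deserves a closer look.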
