
maria-discuss team mailing list archive

Re: How do I determine if versions of phpMyAdmin before 4.8.5 is SQL Injectable using sqlmap?


On 17.04.19 at 23:03, Jeff Dyke wrote:
> I've done this and I'm doing this, it's not hard, everyone that needs db
> access can read a readme and give me a public key in a matter of
> seconds.  I'll take SSH over http-auth and a freaken app that can drop
> tables/database via a SQL injection bug any day of the week.  Granted
> that could be from poor user management, as NO ONE has access to do
> anything destructive.
> I really don't care if you don't believe me, b/c this process has been
> fluid with 0 issues since I started using it about 6 years ago.  Oh and
> yesterday's users were 100% ordinary users (it doesn't get much more
> ordinary than marketing), they were added to the slave group with select
> only, and didn't get added to anything production related.

well, that's a completely different world than typical hosting

when you require from that target audience public-keys, install native
apps, give them only read access you are just done because you hardly
can sell that to anybody