You might try the google search and add site:yourdomain to the search string.
On Fri, 14 Jan 2005 16:16:20 -0500, David McDowell <[EMAIL PROTECTED]> wrote: > I'm not sure I understand how I am supposed to check myself for this > possible flaw. > > thanks, > David > > On Thu, 13 Jan 2005 15:31:50 -0500, Mike Fieschko > <[EMAIL PROTECTED]> wrote: > > Misconfigured MySQL servers accessible though phpmyadmin: > > > > http://www.threadwatch.org/node/1082 > > > > [begin quoting] > > > > Hot on the heals of the recent Google unsecured Webcams search news > > comes in via [EMAIL PROTECTED] of an even more serious security > > breach made available by search engine queries. > > > > The latest discovery is that you can search for export processes > > language changelog phpmyadmin at Yahoo and return a list of open, > > vulnerable MySQL database servers. > > > > In the wrong hands, and with a little advanced search knowledge that > > query can be tweaked to find ecom sites and all manner of havoc wreaked. > > > > Yahoo! have been alerted, but at the moment the vulnerability is still > > easily found. This is not Yahoo's fault of course, this is a problem > > with the hugely poplular Open Source MySQL database and the way in which > > it has been deployed on some websites. The search just hightlights those > > servers able to be manipulated. > > > > You can do the same search on Google, but it's less accessible as you > > have to add filter=0 to the end of the url string. > > > > ADDED: Testing 1,2,3.... > > > > I've just tested this on a staged install by a friend and can assert > > that it works well. I was able to delete tables and access data very > > simply. > > > > By Nick W at Jan 13 2005 - 12:12 > > > > [end quoting] > > > > Mike Fieschko > > Raleigh, NC > > > > -- > > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug > > TriLUG Organizational FAQ : http://trilug.org/faq/ > > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ > > TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc > > > -- > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug > TriLUG Organizational FAQ : http://trilug.org/faq/ > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ > TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc > -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
