[consulting] Drupal web design as hobby - shall I start consulting?
António P. P. Almeida
appa at perusio.net
Fri Aug 20 17:38:55 UTC 2010
On 20 Ago 2010 18h29 WEST, alexei at malinovski.org wrote:
> Thank you! I check the problem briefly. so, if I'm logged in to
> PHPmyadmin attackers somehow (how?) can inject SQL command. But I
> cannot understand how they do it.
Check the full message. The Proof Of Concept is there. Like I said
before I suggest you dump phpmyadmin altogether. That probably means
that you have to find a hosting provider that gives you SSH access. In
the long run it will save you time and $.
Like Larry said if a hosting company doesn't give you SSH access than
that is a tell tale sign that they're not interested in providing a
quality service. They're playing a pure numbers game.
I guess that you have to ask and wait that the hosting provider
upgrades the phpmyadmin version.
--- appa
More information about the consulting
mailing list