Exploit in translators.html of phpMyAdmin

MiquelFire asked:

Is there an exploit in the translators.html file of phpMyAdmin?

The reason I ask is I have Bad Behavior installed on a server, and that server has a web app that the main index.php ends up handling 404 requests on it, so requests for this file at common paths is being requested quite a bit lately by a bot that fails Bad Behavior’s tests.

It is hitting other servers, but those requests are not causing Bad Behavior to trigger because of no PHP scripts are running with those requests.

My answer:

Disclaimer: I’m the author of Bad Behavior.

The file translators.html is interesting in that it’s a publicly accessible part of the phpMyAdmin installation which happens to contain the version number. With this, a malicious party can determine what vulnerabilities the system may have, because of the phpMyAdmin version in use.

(And a Google search revealed a shocking number of public, very old phpMyAdmin installs…)

If you don’t have phpMyAdmin on your system, then this is no particular cause for worry.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.