2

Is there an exploit in the translators.html file of phpMyAdmin?

The reason I ask is I have Bad Behavior installed on a server, and that server has a web app that the main index.php ends up handling 404 requests on it, so requests for this file at common paths is being requested quite a bit lately by a bot that fails Bad Behavior's tests.

It is hitting other servers, but those requests are not causing Bad Behavior to trigger because of no PHP scripts are running with those requests.

MiquelFire
  • 23
  • 5

2 Answers2

1

From looking around online I don't see an exploit specific to that file. It's likely the scanner being used is looking for that file as a signature to confirm phpMyAdmin's presence or version. If your site has not been compromised you can safely ignore the requests or block the offending IP.

Nathan V
  • 711
  • 5
  • 16
  • On the other hand, I wouldn't be surprised if there was. – Tom O'Connor Nov 28 '12 at 13:29
  • In a .html? I looked around for a bit and didn't see anything interesting. It makes sense as a signature or if-exists check to me. There's plenty of phpmyadmin scanners out there that go straight for the admin.php or similar. Asking for translators.html makes sense as a way to validate phpMA is there without being as likely to set off a IDS/IPS in the process. At least; that's what I would do. :) – Nathan V Nov 28 '12 at 14:06
  • Oh, I'm just massively suspicious of anything with php in the name. – Tom O'Connor Nov 28 '12 at 14:18
0

Disclaimer: I'm the author of Bad Behavior.

The file translators.html is interesting in that it's a publicly accessible part of the phpMyAdmin installation which happens to contain the version number. With this, a malicious party can determine what vulnerabilities the system may have, because of the phpMyAdmin version in use.

(And a Google search revealed a shocking number of public, very old phpMyAdmin installs...)

If you don't have phpMyAdmin on your system, then this is no particular cause for worry.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972