MySQL
danx, 2020-01-08 12:39:30

Exploit phpMyAdmin from another OpenVZ container? Is it possible?

We have a virtual server on OpenVZ.
The container has a MySQL 5.7.28 database installed, but no phpMyAdmin installed.
Presumably phpMyAdmin is installed in a nearby container on the same physical server.
The question is - is it possible to hack the database on my virtual server by attacking phpMyAdmin on a neighboring container, according to its known exploits?
The bottom line is that we obviously have the same IP with another container, and the same port 3306 for connecting to MySQL. Is it possible that phpMyAdmin, when hit by an exploit, would gain access to databases located on the same IP, but in different containers?
In fact, my database was hacked: they got root access, created a mysqlbackups user with all privileges on all databases, and then dropped all the tables in them and recreated one table with the name WARNING in each database. Inside this table there is text indicating the address of the bitcoin wallet and the hackers are asking for 0.06 BTC to "return" the databases into place.
_infimum supremum
To recover your lost Database and avoid leaking it: Send us 0.06 Bitcoin (BTC) to our Bitcoin address 1BLYhUDmnmVPVjcTWgc6gFT6DCYwbVieUD and contact us by Email with your Server IP or Domain name and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your Database is downloaded and backed up on our servers. Backups that we have right now: . If we dont receive your payment in the next 10 Days, we will make your database public or use them otherwise. [email protected]
By this time about 200 people "hit" this bitcoin address, the data is breaking through that they paid hackers... And more than 40 abuse complaints were created against the hacker.
But that is not the point. The bottom line is that I'm trying to figure out where the hole is in my system. I'm considering these three options:
1) An attack from a neighboring container - this is the essence of the question, can it be? I can't decide myself.
2) Brute force attack individually on my container, brute force password
3) SQL injection on my php script on the web server.
If everything is clear according to paragraphs 2 and 3, then paragraph 1, if this is really possible, brings big problems to those who host on OpenVZ virtual machines, because then one inadequate "neighbor" with phpMyAdmin installed is enough for him to hack your bases...

1 answer(s)
Ruslan Fedoseev, 2020-01-08
@martin74ua

phpMyAdmin is just a PHP application. It can stand anywhere. And it has nothing to do with your server.
But if you can connect to your MySQL server from any address and go through passwords, well, then you are your own evil Pinocchio.
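
To check the scenario the answer describes (a MySQL port reachable from any address with passwords being tried against it), the following added example, which is not part of the original thread, counts failed logins per client host in a MySQL 5.7 error log. It assumes `log_error_verbosity=3`, so that "Access denied" notes are written; the function name, the threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# MySQL 5.7 error-log line for a failed login (assumes log_error_verbosity=3).
DENIED = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+\[Note\]\s+Access denied for user "
    r"'(?P<user>[^']*)'@'(?P<host>[^']*)'"
)

def brute_force_sources(lines, threshold=5):
    """Return {host: {failures, users, first, last}} for every client host
    with at least `threshold` failed logins (threshold is a hypothetical default)."""
    seen = defaultdict(lambda: {"failures": 0, "users": set(), "first": None, "last": None})
    for line in lines:
        m = DENIED.match(line)
        if not m:
            continue  # not a failed-login note
        rec = seen[m["host"]]
        rec["failures"] += 1
        rec["users"].add(m["user"])
        rec["first"] = rec["first"] or m["ts"]  # timestamp of first failure
        rec["last"] = m["ts"]                   # timestamp of latest failure
    return {
        host: {**rec, "users": sorted(rec["users"])}
        for host, rec in seen.items()
        if rec["failures"] >= threshold
    }

# Constructed sample log lines (documentation IP ranges, not real data).
SAMPLE_LOG = [
    f"2020-01-07T22:10:0{i}.000000Z {100 + i} [Note] Access denied for user "
    f"'{u}'@'203.0.113.7' (using password: YES)"
    for i, u in enumerate(["root", "root", "admin", "root", "mysql", "root"])
] + [
    "2020-01-07T22:11:00.000000Z 200 [Note] Access denied for user "
    "'app'@'198.51.100.20' (using password: YES)",
    "2020-01-07T22:12:00.000000Z 0 [Note] InnoDB: Buffer pool(s) load completed",
]

if __name__ == "__main__":
    for host, rec in brute_force_sources(SAMPLE_LOG).items():
        print(f"{host}: {rec['failures']} failures for users {rec['users']} "
              f"between {rec['first']} and {rec['last']}")
```

A burst of failures from one remote host shortly before the rogue account appeared points to option 2; no failures at all makes password guessing over port 3306 less likely.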
