EN | CZ
Main menu
Main page
Contacts
Distributors
Product Overview
Gallery
References
Observations
Download
Astronomical cameras
Software
Store
phpmyadmin hacktricks patched

Main pageProduct OverviewSoftware

4.12.2020 | phpmyadmin hacktricks patched
New firmware for C1 CMOS cameras doubles FPS

Phpmyadmin Hacktricks Patched Direct

Modern attackers use tools like nmap scripts (http-phpmyadmin-detect), sqlmap (with --os-shell), or Metasploit modules to automate these HackTricks. However, patch management is the defender's superpower.

A historic but instructive trick. Old versions allowed attackers to manipulate the $cfg['ThemePath'] or $cfg['Lang'] parameters to include local files (e.g., /etc/passwd).

A recent trick allowed attackers to upload .sql files with embedded PHP payloads, then trigger them via SQL LOAD DATA LOCAL INFILE.

Before discussing patches, we must understand what attackers look for. The term "HackTricks" refers to a collection of known techniques and payloads.

This was patched in version 5.1.2. It allowed an authenticated attacker to traverse directories via the $cfg['ThemeManager'] parameter.

The Patch: The checkFileAccess() function now resolves all .. and symlinks. phpmyadmin hacktricks patched

Post-Patch Reality: Many sysadmins apply the patch but forget to remove old libraries/ directories from previous versions. If an attacker finds a backup of libraries/Config/ from an unpatched version, they can manually include it if the server has allow_url_include enabled.

Takeaway: Patching the binary is not enough. You must purge outdated files.

Today, if you search for "phpmyadmin exploit," you will mostly find cached results for versions 3.x and 4.x that are no longer relevant on updated systems. The tool has integrated with modern authentication standards, supporting two-factor authentication (2FA) and OAuth integration. The "hacktricks" that once defined the software—eval(), serialization, weak defaults—have been methodically dismantled.

The "phpMyAdmin Hacktricks Patched" era serves as a testament to the resilience of open-source software. It demonstrates that while convenience often opens the door to vulnerability, vigilance and architectural refactoring can close it. The tool that was once the first step in a hacker's playbook has evolved into a robust, hardened interface that survives not by obscurity, but by engineering. The script kiddies have moved on to easier targets, leaving behind a fortified application that finally respects the power of the database it manages.

HackTricks meticulously catalogs methods to compromise phpMyAdmin. Most critical vulnerabilities that allows for Remote Code Execution (RCE) or Local File Inclusion (LFI) are found in older versions. Modern attackers use tools like nmap scripts (

CVE-2018-12613 (LFI to RCE): This is one of the most famous vulnerabilities featured in HackTricks. Affecting versions 4.8.0 and 4.8.1, it allowed an authenticated user to include arbitrary files by bypassing path validation. Attackers could achieve RCE by including a database file containing a "webshell".

SQL Injection (CVE-2020-5504): Affected versions 4.x (prior to 4.9.4) and 5.x (prior to 5.0.1). It occurred in the 'user accounts' page due to insufficient input sanitization.

Recent glibc/iconv Flaw (CVE-2024-2961): A more recent advisory, PMASA-2025-3, details how vulnerabilities in external libraries like glibc can potentially impact phpMyAdmin if specific configurations are met. Why "Patched" Status is Complex

Even though the developers at phpMyAdmin release frequent security updates, many systems remain vulnerable because:

Legacy Infrastructure: Many web hosting environments and older CMS installations package outdated versions of phpMyAdmin that are never manually updated by the user. Before discussing patches, we must understand what attackers

Configuration Weaknesses: Vulnerabilities often depend on specific PHP configurations, such as $cfg['AllowArbitraryServer'] = true or weak MySQL root passwords.

Third-Party Dependencies: Flaws in PHP or system libraries (like iconv) can open doors even when the phpMyAdmin core code is secure. Defensive Best Practices

To ensure your installation is truly "patched" and protected against the techniques listed on HackTricks, follow these steps:

The config.inc.php file is where you can define settings to enhance security.

$cfg['blowfish_secret'] = 'your_secret_key_here'; // Change this!
$cfg['ForceSSL'] = true; // Enable SSL
$cfg['CheckConfigurationPermissions'] = false; // Prevents permission checks, but ensure proper permissions are set

Doubling of the digitization frequency (and thus doubling of the maximum FPS) is achieved by firmware modification only. No hardware changes are necessary, so every C1 camera sold can be updated to faster speed.

Of course, only USB3 offers enough bandwidth to allow CMOS based cameras to fully unleash their potential, once considered super-fast 480Mbps of the USB2 connection is not sufficient to achieve even the original 60FPS of the C1-1500 camera.

Remark:

USB3 offers not only 10-time the bandwidth of the USB2, but also provides much higher power to attached devices. Especially the C1-12000 camera with large sensor may not work properly when connected to a computer with USB2 cable providing “only” 0.5A from the 5V power line (0.5A current limit is defined by the USB norm, but as numerous USB devices need higher current to function properly, modern motherboards do not hesitate to offer much higher current even from USB2 ports).

Nothing is free and very high FPS of CMOS sensors brings a disadvantage in the form of high amount of generated heat. In fact, every CMOS sensor is a fast running digital circuit and anybody familiar with large heat sinks and fans, intended to cool down modern processors and graphics cards, understands that such circuits generate heat. So, when cooled with the same cooling power like a CCD sensor, CMOS sensors operate at significantly higher temperature with all the disadvantages of higher dark current etc.

This is why the new Cx camera firmware offers the user to choose the fast and slow read mode (both 8-bit and 12-bit read modes are offered in slow and fast variants). Cx camera CMOS sensor generate less heat when operated in slow mode. So, when the download speed is not that important, for instance after minutes long exposure, slow mode is recommended (who cares whether full 12MPx image is downloaded in 0.12s or 0.06s). On the other side, when recording video of a planet, fast mode can be useful.

Cx camera read modes offered by SIPS camera tool

Cx camera read modes offered by SIPS camera tool

Hint:

Please note the sensor maintains the mode of the recently downloaded image. To slow-down the sensor, just choose some slow read mode (it is not important if 8-bit or 12-bit) and download at last one image. Until image is downloaded, the sensor runs at the speed defined by the read mode used to download last image.

Cx camera firmware update utility

The firmware update in all Cx cameras is handled by the “CxFirmware.exe” utility. While this utility installation package is included in the “\Tools\CxFirmware\” folder on the USB Flash Drives shipped recently with all Cx and Gx cameras, it is always recommended to visit our Download page to get the latest version of the utility installation package.

phpmyadmin hacktricks patched

Warning:

It is important to close all other software packages working with the respective camera prior to running the CxFirmware update utility. Accessing the camera from some other software during the firmware update process may result into camera malfunction and a necessity to send it to manufacturer for fix.

phpmyadmin hacktricks patched

The CxFirmware tool checks whether some Cx camera is connected to the host PC and if yes, it connects to it. The “Connected Camera” box shows the camera name and the “Connect” button remains disabled (camera is already connected). If the camera is attached to the PC only after the CxFirmware tool is launched, it is necessary to explicitly connect to it using the “Connect” button.

phpmyadmin hacktricks patchedphpmyadmin hacktricks patched

Remark:

Please note the CxFirmware tool can work with one camera at a time only. If there are multiple Cx cameras connected upon the tool starts, only the first enumerated camera is connected.

If we want to update other connected camera than is the first enumerated and connected one, click the “Disconnect” button, which unplugs the first enumerated camera. Then unplug the unwanted camera from the PC and click the “Connect” button again. The remaining camera will be connected to the tool.

The “Camera Firmware” box shows the firmware version in the currently connected camera. The second box labeled “Current Firmware” shows the latest released firmware version for the particular camera.

There are two ways how to update camera firmware:

  1. Fully automatic update. The tool downloads the latest firmware and writes the camera Flash memory. No other action than clicking the “Update Automatically” button is required from the user.

    If the camera firmware and the current firmware versions are the same, the “Update Automatically” button remains disabled as no update is necessary.

    Remark:

    This method requires active Internet connection.

  2. Manual update. This method requires the desired *.cfx file with respective camera firmware is already downloaded from our Firmware Download page. Clicking the “Update from File” button opens a file-choosing dialog box. The selected file is then written to the camera Flash memory. The CxFirmware tool performs extensive check to ensure only a file compatible with connected camera is written. Also, any file corruption is detected.

phpmyadmin hacktricks patched

The update process is performed in two phases. Do not unplug the camera while the firmware update is in progress!

 
 | Main page | Product Overview |