Computer Security

Security Advisory: PHP MySQL Banner Exchange 2.2.1 remote mysql database bug
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Adult Script Unauthorized Administrative Access Exploit

  Information disclosure vulnerabilities in WordPress

  Anon Proxy Server - Remote Code Execution

  Wordpress - Broken Access Control

From:arsalan1991_(at)_gmail.com <arsalan1991_(at)_gmail.com>
Date:16.12.2007
Subject:PHP MySQL Banner Exchange 2.2.1 remote mysql database bug

Discovered by Arsalan kashan
email=arsalan1991@gmail.com
portal=PHP MySQL Banner Exchange
download=http://sourceforge.net/projects/banex
version=2.2.1
bug:
its store the mysql database setting in a .inc file and you can easily read it as a anonymous user
/script_path/inc/lib.inc
the you can connect to mysql database
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server