Bugtraq mailing list archives

PHP MySQL Banner Exchange 2.2.1 remote mysql database bug

From: arsalan1991 () gmail com
Date: 14 Dec 2007 08:42:16 -0000

Discovered by Arsalan kashan
email=arsalan1991 () gmail com
portal=PHP MySQL Banner Exchange
download=http://sourceforge.net/projects/banex
version=2.2.1
bug:
its store the mysql database setting in a .inc file and you can easily read it as a anonymous user
/script_path/inc/lib.inc
the you can connect to mysql database

Current thread:

PHP MySQL Banner Exchange 2.2.1 remote mysql database bug arsalan1991 (Dec 14)
- <Possible follow-ups>
- Re: PHP MySQL Banner Exchange 2.2.1 remote mysql database bug theredc0ders (Dec 17)
- Re: Re: PHP MySQL Banner Exchange 2.2.1 remote mysql database bug arsalan1991 (Dec 18)