#30854 [NEW]: Thereīs an exploit, which lets you access the MySQL-Database

Sun, 21 Nov 2004 04:11:32 -0800 

From:             zsak at gmx dot de
Operating system: Irrelevant
PHP version:      Irrelevant
PHP Bug Type:     MySQL related
Bug description:  Thereīs an exploit, which lets you access the MySQL-Database

Description:
------------
I have a phpBB on my Webspace and 3 of my Friends have wBB, VB and IBP. 
I know a user(Nickname: gonzo), who says, he can access the whole Database
over a PHP-Exploit. 
He knows all the secure (hidden) data of our Boards. 
Because we all use different Board-Versions it canīt be a Board-Exploit. 

Sorry, I donīt have more information, because the user doesnīt want to
say, how the exploit works. 

The only thing I know is, that he knows the hidden data of our boards and
therefore there must be a bug in PHP!



-- 
Edit bug report at http://bugs.php.net/?id=30854&edit=1
-- 
Try a CVS snapshot (php4):   http://bugs.php.net/fix.php?id=30854&r=trysnapshot4
Try a CVS snapshot (php5.0): 
http://bugs.php.net/fix.php?id=30854&r=trysnapshot50
Try a CVS snapshot (php5.1): 
http://bugs.php.net/fix.php?id=30854&r=trysnapshot51
Fixed in CVS:                http://bugs.php.net/fix.php?id=30854&r=fixedcvs
Fixed in release:            http://bugs.php.net/fix.php?id=30854&r=alreadyfixed
Need backtrace:              http://bugs.php.net/fix.php?id=30854&r=needtrace
Need Reproduce Script:       http://bugs.php.net/fix.php?id=30854&r=needscript
Try newer version:           http://bugs.php.net/fix.php?id=30854&r=oldversion
Not developer issue:         http://bugs.php.net/fix.php?id=30854&r=support
Expected behavior:           http://bugs.php.net/fix.php?id=30854&r=notwrong
Not enough info:             
http://bugs.php.net/fix.php?id=30854&r=notenoughinfo
Submitted twice:             
http://bugs.php.net/fix.php?id=30854&r=submittedtwice
register_globals:            http://bugs.php.net/fix.php?id=30854&r=globals
PHP 3 support discontinued:  http://bugs.php.net/fix.php?id=30854&r=php3
Daylight Savings:            http://bugs.php.net/fix.php?id=30854&r=dst
IIS Stability:               http://bugs.php.net/fix.php?id=30854&r=isapi
Install GNU Sed:             http://bugs.php.net/fix.php?id=30854&r=gnused
Floating point limitations:  http://bugs.php.net/fix.php?id=30854&r=float
MySQL Configuration Error:   http://bugs.php.net/fix.php?id=30854&r=mysqlcfg

Reply via email to