iScouter PHP Web Portal System, MySQL Password in clear text

From: Cabezon Aurélien - LEXSI (aczat_private)
Date: Thu Apr 26 2001 - 06:00:01 PDT

Next message: Cabezon Aurélien - LEXSI: "Quote generator 0.01 by Eric Persson"

Previous message: Keith.Morgan: "Re: possible apache logging problem"
Next in thread: Pascal Bouchareine: "Re: iScouter PHP Web Portal System, MySQL Password in clear text"
Reply: Pascal Bouchareine: "Re: iScouter PHP Web Portal System, MySQL Password in clear text"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi all,

I have found that i can easily retrieve MySQL password of the last iScouter
PHP Web Portal System.

Exploit : www.your-iScouter-web-portal.com/config.inc

You can find those lines in clear text:

$CFG_DB_SERVERTYPE = "mySQL";
$CFG_DB_HOST = "www.your-iScouter-web-portal.com";
$CFG_DB_USERNAME = "root";
$CFG_DB_PASSWORD = "xxxxxxxxx";
$CFG_DB_NAME = "iscouter";

CFG_DB_SERVERTYPE: Database Server Type, you need check with
system_config.inc to find whether your database server is supported in
current version
CFG_DB_HOST:   Database Hostname
CFG_DB_USERNAME:  Database Username
CFG_DB_PASSWORD:   Database Password
CFG_DB_NAME:   Database Name

You should rename "config.inc" in "config.inc.php" and don't forget to
update the files linked with.

regards,


---
Cabezon Aurélien
iSecureLabs Team
http://www.iSecureLabs.com
French Staff

Next message: Cabezon Aurélien - LEXSI: "Quote generator 0.01 by Eric Persson"
Previous message: Keith.Morgan: "Re: possible apache logging problem"
Next in thread: Pascal Bouchareine: "Re: iScouter PHP Web Portal System, MySQL Password in clear text"
Reply: Pascal Bouchareine: "Re: iScouter PHP Web Portal System, MySQL Password in clear text"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 21:27:28 PDT