php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #13749 >?php instead of <?php displays password and user info
Submitted: 2001-10-19 08:50 UTC Modified: 2001-10-19 08:56 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: malcolm at prebon dot co dot uk Assigned:
Status: Not a bug Package: MySQL related
PHP Version: 4.0.6 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: malcolm at prebon dot co dot uk
New email:
PHP Version: OS:

 

 [2001-10-19 08:50 UTC] malcolm at prebon dot co dot uk
If you have a script that talks to a MySQL db and includes an inc in another directory with the login part of the script and you mistype the start as >?php instead of <?php then php returns the text of the inc file ( which contains the ip address, username and password of the mysql server )
This is what the script returned ( with real info which I have removed )

<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
>?php
#
#dbconnect.inc
#
function &dbconnect()
{
	$link=@mysql_connect ("172.nnn.nnn.nn","xxxxx","yyyyyy");
	if ($link && mysql_select_db ("pwtdb"))
	{
		$dbok="True";
		return $dbok;
	}
	else
	{
		$dbok="False";
		return $dbok;
	}
}
?><br>
<b>Fatal error</b>:  Call to undefined function:  dbconnect() in <b>/usr/local/apache/htdocs/pwtvalidate.php</b> on line <b>37</b><br>



Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-10-19 08:56 UTC] derick@php.net
PHP can not guard for typing errors. It's your own responsility.
Not a bug > bogus.

Derick
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 02:01:28 2024 UTC