PHP :: Bug #30854 :: There?s an exploit, which lets you access the MySQL-Database

Bug #30854

There?s an exploit, which lets you access the MySQL-Database

Submitted:

2004-11-21 13:11 UTC

Modified:

2004-11-21 13:34 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

zsak at gmx dot de

Assigned:

Status:

Not a bug

Package:

MySQL related

PHP Version:

OS:

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	zsak at gmx dot de
New email:
PHP Version:		OS:

New Comment:

[2004-11-21 13:11 UTC] zsak at gmx dot de

Description:
------------
I have a phpBB on my Webspace and 3 of my Friends have wBB, VB and IBP. 
I know a user(Nickname: gonzo), who says, he can access the whole Database over a PHP-Exploit. 
He knows all the secure (hidden) data of our Boards. 
Because we all use different Board-Versions it can?t be a Board-Exploit. 

Sorry, I don?t have more information, because the user doesn?t want to say, how the exploit works. 

The only thing I know is, that he knows the hidden data of our boards and therefore there must be a bug in PHP!

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-11-21 13:12 UTC] tony2001@php.net

Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

It's phpBB problem.

[2004-11-21 13:18 UTC] zsak at gmx dot de

It?s NOT a phpBB Problem!
As I said, WBB and IBP have the same problem. Please think about the problem! There is one!

[2004-11-21 13:34 UTC] helly@php.net

Any script language can be exploitet if the app writers do not verify incoming data correctly. That said it is unlikely that PHP has a problem but instead it is most likely that those apps do not verify data themselves. Maybe they rely on magic quotes runtime which they shouldn't. And maybe the user found a way to use that fact...

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 18:01:29 2024 UTC