Bug #13749 >?php instead of <?php displays password and user info
Submitted: 2001-10-19 08:50 UTC Modified: 2001-10-19 08:56 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: malcolm at prebon dot co dot uk Assigned:
Status: Not a bug Package: MySQL related
PHP Version: 4.0.6 OS: Linux
Private report: No CVE-ID: None
 [2001-10-19 08:50 UTC] malcolm at prebon dot co dot uk
If you have a script that talks to a MySQL db and includes an inc in another directory with the login part of the script, and you mistype the start as >?php instead of <?php, then PHP returns the text of the inc file (which contains the IP address, username and password of the MySQL server).
This is what the script returned (with real info which I have removed):

<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
>?php
#
#dbconnect.inc
#
function &dbconnect()
{
	$link=@mysql_connect ("172.nnn.nnn.nn","xxxxx","yyyyyy");
	if ($link && mysql_select_db ("pwtdb"))
	{
		$dbok="True";
		return $dbok;
	}
	else
	{
		$dbok="False";
		return $dbok;
	}
}
?><br>
<b>Fatal error</b>:  Call to undefined function:  dbconnect() in <b>/usr/local/apache/htdocs/pwtvalidate.php</b> on line <b>37</b><br>



 [2001-10-19 08:56 UTC] derick@php.net
PHP cannot guard for typing errors. It's your own responsibility.
Not a bug > bogus.

Derick
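
One way to catch this class of mistake before deployment, as an added example that is not part of the original report or of PHP's own tooling: a lint pass that flags PHP-like text sitting outside any opening tag, which PHP sends to the client verbatim. It goes beyond the mistyped >?php case to code left after a stray ?>; the hint patterns, function names and sample strings are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Hints that literal text is really PHP source: a mistyped opening tag,
# a variable assignment, or a mysql_*/mysqli_* call (illustrative patterns).
CODE_HINT = re.compile(r"(?<!<)\?php\b|\$\w+\s*=|\bmysqli?_\w+\s*\(")

def literal_regions(source, short_tags=False):
    """Yield (line, text) for each non-blank span PHP would echo verbatim.

    Approximation: a '?>' inside a PHP string or comment counts as a closing tag.
    """
    tag = r"<\?(?:php(?=\s)|=)" + (r"|<\?" if short_tags else "")
    open_tag = re.compile(tag, re.IGNORECASE)
    pos = 0
    while pos < len(source):
        match = open_tag.search(source, pos)
        end = match.start() if match else len(source)
        text = source[pos:end]
        if text.strip():
            first = pos + len(text) - len(text.lstrip())
            yield source.count("\n", 0, first) + 1, text
        if match is None:
            return
        close = source.find("?>", match.end())
        if close == -1:
            return  # PHP mode runs to the end of the file
        pos = close + 2

def find_leaks(source, short_tags=False):
    """Return the start lines of literal regions that look like PHP code."""
    return [line for line, text in literal_regions(source, short_tags)
            if CODE_HINT.search(text)]

def scan(root, suffixes=(".php", ".inc")):
    """Map each file under root that has suspected leaks to their lines."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            lines = find_leaks(path.read_text(encoding="latin-1"))
            if lines:
                report[str(path)] = lines
    return report

# Constructed sample modelled on the report: '>' typed instead of '<'.
MISTYPED = '>?php\nfunction &dbconnect()\n{\n\t$link=@mysql_connect("h","u","p");\n}\n?>\n'
CORRECT = "<" + MISTYPED[1:]

if __name__ == "__main__":
    for name, lines in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{name}: PHP-like text outside PHP tags, line(s) {lines}")
```

Run it with the web root as the only argument, for example as a pre-deploy or commit check; an empty result means no literal region matched the hints.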