php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #30854 There?s an exploit, which lets you access the MySQL-Database
Submitted: 2004-11-21 13:11 UTC Modified: 2004-11-21 13:34 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: zsak at gmx dot de Assigned:
Status: Not a bug Package: MySQL related
PHP Version: * OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2004-11-21 13:11 UTC] zsak at gmx dot de 
Description:
------------
I have a phpBB on my Webspace and 3 of my Friends have wBB, VB and IBP. 
I know a user(Nickname: gonzo), who says, he can access the whole Database over a PHP-Exploit. 
He knows all the secure (hidden) data of our Boards. 
Because we all use different Board-Versions it can?t be a Board-Exploit. 

Sorry, I don?t have more information, because the user doesn?t want to say, how the exploit works. 

The only thing I know is, that he knows the hidden data of our boards and therefore there must be a bug in PHP!

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-11-21 13:12 UTC] tony2001@php.net 
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

It's phpBB problem.
 [2004-11-21 13:18 UTC] zsak at gmx dot de 
It?s NOT a phpBB Problem!
As I said, WBB and IBP have the same problem. Please think about the problem! There is one!
 [2004-11-21 13:34 UTC] helly@php.net 
Any script language can be exploitet if the app writers do not verify incoming data correctly. That said it is unlikely that PHP has a problem but instead it is most likely that those apps do not verify data themselves. Maybe they rely on magic quotes runtime which they shouldn't. And maybe the user found a way to use that fact...
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 18:01:28 2024 UTC