|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #30854 There?s an exploit, which lets you access the MySQL-Database
Submitted: 2004-11-21 13:11 UTC Modified: 2004-11-21 13:34 UTC
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: zsak at gmx dot de Assigned:
Status: Not a bug Package: MySQL related
PHP Version: * OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: zsak at gmx dot de
New email:
PHP Version: OS:


 [2004-11-21 13:11 UTC] zsak at gmx dot de
I have a phpBB on my Webspace and 3 of my Friends have wBB, VB and IBP. 
I know a user(Nickname: gonzo), who says, he can access the whole Database over a PHP-Exploit. 
He knows all the secure (hidden) data of our Boards. 
Because we all use different Board-Versions it can?t be a Board-Exploit. 

Sorry, I don?t have more information, because the user doesn?t want to say, how the exploit works. 

The only thing I know is, that he knows the hidden data of our boards and therefore there must be a bug in PHP!


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2004-11-21 13:12 UTC]
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

It's phpBB problem.
 [2004-11-21 13:18 UTC] zsak at gmx dot de
It?s NOT a phpBB Problem!
As I said, WBB and IBP have the same problem. Please think about the problem! There is one!
 [2004-11-21 13:34 UTC]
Any script language can be exploitet if the app writers do not verify incoming data correctly. That said it is unlikely that PHP has a problem but instead it is most likely that those apps do not verify data themselves. Maybe they rely on magic quotes runtime which they shouldn't. And maybe the user found a way to use that fact...
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu May 23 16:01:35 2024 UTC