php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #30854 There?s an exploit, which lets you access the MySQL-Database
Submitted: 2004-11-21 13:11 UTC Modified: 2004-11-21 13:34 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: zsak at gmx dot de Assigned:
Status: Not a bug Package: MySQL related
PHP Version: * OS: *
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: zsak at gmx dot de
New email:
PHP Version: OS:

 

 [2004-11-21 13:11 UTC] zsak at gmx dot de
Description:
------------
I have a phpBB on my Webspace and 3 of my Friends have wBB, VB and IBP. 
I know a user(Nickname: gonzo), who says, he can access the whole Database over a PHP-Exploit. 
He knows all the secure (hidden) data of our Boards. 
Because we all use different Board-Versions it can?t be a Board-Exploit. 

Sorry, I don?t have more information, because the user doesn?t want to say, how the exploit works. 

The only thing I know is, that he knows the hidden data of our boards and therefore there must be a bug in PHP!



Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-11-21 13:12 UTC] tony2001@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

It's phpBB problem.
 [2004-11-21 13:18 UTC] zsak at gmx dot de
It?s NOT a phpBB Problem!
As I said, WBB and IBP have the same problem. Please think about the problem! There is one!
 [2004-11-21 13:34 UTC] helly@php.net
Any script language can be exploitet if the app writers do not verify incoming data correctly. That said it is unlikely that PHP has a problem but instead it is most likely that those apps do not verify data themselves. Maybe they rely on magic quotes runtime which they shouldn't. And maybe the user found a way to use that fact...
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 12 21:01:28 2024 UTC