PDA

Bekijk Volledige Versie : IMOEL CMS Sql password discovery



silversmith@ashiyane.com
12/12/05, 22:45
IMOEL CMS
has the weakness to download the plain text sql password in the setting.php file
*/*************************************
$setting['host']['username'] = 'sqlusername';
$setting['host']['password'] = 'sqlpassword';

***************************************
so u can download the setting.php file & view the plain text password

as the default imoel cms set the administrator user name and password same as sql password
u can access the setting.php file from this url

http://[site]/include/setting.php

mehrtash mallahzadeh
ashiyane digital security team
www.ashiyane.com
www.ashiyane.net
greetz
behrooz_ice , actionspider , q7x, ehsan

Steven M. Christey
15/12/05, 20:15
Hello,

>IMOEL CMS has the weakness to download the plain text sql password in
>the setting.php file
>
>*/*************************************
>$setting['host']['username'] = 'sqlusername';
>$setting['host']['password'] = 'sqlpassword';
>
>***************************************
>so u can download the setting.php file & view the plain text password

These commands appear within a "<?php >" construct, so on a properly
configuredeb server, I would think that the code would be executed due
to the ".php' extension. So there would not be any leak to a remote
attacker unless the attacker used some other vulnerability to obtain
the file.

Or is this a concern for multiple users on the same server? (I don't
know PHP that well so apologies if this is a dumb question.)

- Steve