|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 93
Members: 0
Total: 93
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
What to do with this MySQL data? |
|
Posted: Thu Feb 21, 2008 5:29 pm |
|
|
kozine |
Regular user |
|
|
Joined: Feb 17, 2008 |
Posts: 6 |
|
|
|
|
|
|
|
Hey guys,
So I used a phpBB exploit to get ahold of the database name, database username and password. However, the database host is localhost.
How can I connect to that database remotely?
Cheers |
|
|
|
|
|
|
|
|
Posted: Fri Feb 22, 2008 12:22 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
1. Scan target webserver for TCP port 3306. If it's open, then it may be possible to connect remotely to mysql daemon.
2. Search for phpMyAdmin interface on target server and use credentials you have.
3. Find a way to get php remote code execution level on target server and then connect to mysql through php functionality.
4. Look for other webites on the same webserver (think about virtual hosting). Find weakest link.
5. One option is to buy hosting for one month to target webserver and then try to use it for database and file system access. In this case all depends on hosting server admins - how good are they at cross-user security management. |
|
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|