 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 74
 Members: 0
 Total: 74
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Have mySQL credentials to a forum. What can I do with them? |
|
 Posted: Wed May 26, 2010 5:47 pm |
 |
|
| VitoCorleone |
| Beginner |
 |
|
| Joined: May 20, 2010 |
| Posts: 3 |
|
|
|
 |
|
 |
|
If a person was to have the database details of a phpBB forum...what could the person do with them?
This is what I know about the target:
phpBB 3.0.5
subsilver2 style
Hosted with InMotionHosting
| Code: |
<?php
// phpBB 3.0.x auto-generated configuration file
// Do not change anything in this file!
$dbms = 'mysql';
$dbhost = 'localhost';
$dbport = '';
$dbname = '*****';
$dbuser = '********';
$dbpasswd = '*******';
$table_prefix = 'phpbb_';
$acm_type = 'file';
$load_extensions = '';
@define('PHPBB_INSTALLED', true);
// @define('DEBUG', true);
// @define('DEBUG_EXTRA', true);
?>
|
Of course I removed the actual details and replace them with asterisks.
Any suggestions at where I might start. I'm looking for vulnerability issues that might allow a person to deface the site.[/code] |
|
Last edited by VitoCorleone on Wed May 26, 2010 6:56 pm; edited 1 time in total |
|
|
|
|
Coppermine mySQL details too. |
|
| Posted: Wed May 26, 2010 6:55 pm |
|
|
| VitoCorleone |
| Beginner |
|
|
| Joined: May 20, 2010 |
| Posts: 3 |
|
|
|
|
|
|
|
What about Coppermine database details? If a person had those, what could they do? I believe the version is 1.4.25.
I have database credentials in plain text from the config.inc.php file.
| Code: | <?php
// Coppermine
define ( 'SILLY_SAFE_MODE' , 1 ) ;
$CONFIG['dbserver'] = 'localhost' ;
$CONFIG['dbuser' ] = '****' ;
$CONFIG['dbpass' ] = '******' ;
$CONFIG['dbname' ] = '******' ;
$CONFIG['TABLE_PREFIX'] = 'cpg_' ;
?>
|
| Code: | | /************************* Coppermine Photo Gallery ************************ Copyright (c) 2003-2008 Dev Team v1.1 originally written by Gregory DEMAR This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 3 as published by the Free Software Foundation. ******************************************** Coppermine version: 1.4.25 $HeadURL: https://coppermine.svn.sourceforge.net/svnroot/coppermine/trunk/cpg1.4.x/include/index.html $ $Revision: 5997 $ $Author: gaugau $ $Date: 2009-05-26 08:43:24 +0200 (Di, 26 Mai 2009) $ ******* |
I ran warex's exploit on them so they upgraded their coppermine version.
http://www.milw0rm.com/exploits/5019 |
|
|
|
|
|
|
|
|
| Posted: Wed May 26, 2010 8:29 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
1. you can connect remotely (if possible) or locally to the database engine and do whatever your user privileges allow.
2. in case of mysql root user and/or enabled file privileges it may be possible to read and write files at mysql server. It may lead to successfull shell dropping.
3. password reuse - people tend to use same password in multiple places, so mysql password may lead to email or even VPN account compromise. This is more like social engineering, involving human factor  |
|
|
|
|
|
|
|
|
| Posted: Wed May 26, 2010 9:10 pm |
|
|
| VitoCorleone |
| Beginner |
|
|
| Joined: May 20, 2010 |
| Posts: 3 |
|
|
|
|
|
|
|
| Quote: | | 1. you can connect remotely (if possible) or locally to the database engine and do whatever your user privileges allow. |
I'm pretty sure Remote connection to the database is not possible. I believe I tried to get in that way and it is turned off.
How can I connect locally to the database engine?
| Quote: | | 2. in case of mysql root user and/or enabled file privileges it may be possible to read and write files at mysql server. It may lead to successfull shell dropping. |
I'm pretty sure mysql root user is not possible as it is a shared server at inmotionhosting.com
| Quote: | | 3. password reuse - people tend to use same password in multiple places, so mysql password may lead to email or even VPN account compromise. This is more like social engineering, involving human factor |
I've tried using the passwords everywhere else. Seems like a dead end. |
|
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
