Re: IMOEL CMS Sql password discovery

To: silversmith@xxxxxxxxxxxx
Subject: Re: IMOEL CMS Sql password discovery
From: "Steven M. Christey" <coley@xxxxxxxxx>
Date: Tue, 13 Dec 2005 23:23:30 -0500 (EST)
Cc: bugtraq@xxxxxxxxxxxxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hello,

>IMOEL CMS has the weakness to download the plain text sql password in
>the setting.php file
>
>*/*************************************
>$setting['host']['username'] = 'sqlusername';
>$setting['host']['password'] = 'sqlpassword';
>
>***************************************
>so u can download the setting.php file & view the plain text password

These commands appear within a "<?php >" construct, so on a properly
configuredeb server, I would think that the code would be executed due
to the ".php' extension.  So there would not be any leak to a remote
attacker unless the attacker used some other vulnerability to obtain
the file.

Or is this a concern for multiple users on the same server?  (I don't
know PHP that well so apologies if this is a dumb question.)

- Steve

Prev by Date: DIMVA 2006 - 2nd Call for Papers
Next by Date: SUSE Security Announcement: php4, php5 (SUSE-SA:2005:069)
Previous by thread: IMOEL CMS Sql password discovery
Next by thread: [ GLSA 200512-03 ] phpMyAdmin: Multiple vulnerabilities
Index(es):
- Date
- Thread