PHP MySQL Banner Exchange 2.2.1 remote mysql database bug

2007.12.22

Credit: Arsalan kashan

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2007-6512

CWE: CWE-89

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: None

Availability impact: None

Discovered by Arsalan kashan

email=arsalan1991 (at) gmail (dot) com [email concealed]

portal=PHP MySQL Banner Exchange

download=http://sourceforge.net/projects/banex

version=2.2.1

bug:

its store the mysql database setting in a .inc file and you can easily read it as a anonymous user

/script_path/inc/lib.inc

the you can connect to mysql database

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

PHP MySQL Banner Exchange 2.2.1 remote mysql database bug

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

PHP MySQL Banner Exchange 2.2.1 remote mysql database bug

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.