Hello all,
I'm randomly browsing and get a website with Database error
connection.
It gave me error page : Warning (2): mysql_connect() [function.mysql-
connect]: Access denied for user ...
So i click on Context option and got this information.
$config = array(
"persistent" => false,
"host" => "xxxxxxxxxxxxxxxxxxx",
"login" => "dbxxxxx",
"password" => "dbtxxx",
"database" => "dbxxxxx",
"port" => "3306",
"driver" => "mysql",
"prefix" => "",
"encoding" => "UTF8"
)
To avoid other people doing bad thing, i'm not showing real error
information.
I'm doing mysql command based on that information and guest what? I
got full access!
Curious with this error, i'm doing little research and found more than
1000 website mysql root access. (there many others, but i too tired to
check it one by one ).
This is very dangerous things which i'm big fans of CakePHP. I working
on 50K/day visitors website powered by CakePHP which i don't wanna
this thing happen to me.
So, please tell me, which people in cakephp.org should be contacted
because this issue. Opening ticket will leaked real information for
the victim website.
Thanks
Yoodey
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
[email protected] For more options, visit this group at
http://groups.google.com/group/cake-php
