Are you saying this was on the CakePHP website or a random site you where visiting?
-- Larry E. Masters On Mon, Jun 20, 2011 at 2:18 PM, yoodey <[email protected]> wrote: > Hello all, > > I'm randomly browsing and get a website with Database error > connection. > It gave me error page : Warning (2): mysql_connect() [function.mysql- > connect]: Access denied for user ... > > So i click on Context option and got this information. > > $config = array( > "persistent" => false, > "host" => "xxxxxxxxxxxxxxxxxxx", > "login" => "dbxxxxx", > "password" => "dbtxxx", > "database" => "dbxxxxx", > "port" => "3306", > "driver" => "mysql", > "prefix" => "", > "encoding" => "UTF8" > ) > > To avoid other people doing bad thing, i'm not showing real error > information. > > I'm doing mysql command based on that information and guest what? I > got full access! > Curious with this error, i'm doing little research and found more than > 1000 website mysql root access. (there many others, but i too tired to > check it one by one ). > > This is very dangerous things which i'm big fans of CakePHP. I working > on 50K/day visitors website powered by CakePHP which i don't wanna > this thing happen to me. > > So, please tell me, which people in cakephp.org should be contacted > because this issue. Opening ticket will leaked real information for > the victim website. > > Thanks > > Yoodey > > -- > Our newest site for the community: CakePHP Video Tutorials > http://tv.cakephp.org > Check out the new CakePHP Questions site http://ask.cakephp.org and help > others with their CakePHP related questions. > > > To unsubscribe from this group, send email to > [email protected] For more options, visit this group > at http://groups.google.com/group/cake-php > -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php
