Mailing List Archive: PHP MySQL Banner Exchange 2.2.1 remote mysql database bug

PHP MySQL Banner Exchange 2.2.1 remote mysql database bug

arsalan1991 at gmail

Dec 14, 2007, 12:42 AM

Post #1 of 3 (1037 views)

Discovered by Arsalan kashan
email=arsalan1991@gmail.com
portal=PHP MySQL Banner Exchange
download=http://sourceforge.net/projects/banex
version=2.2.1
bug:
its store the mysql database setting in a .inc file and you can easily read it as a anonymous user
/script_path/inc/lib.inc
the you can connect to mysql database

Re: PHP MySQL Banner Exchange 2.2.1 remote mysql database bug [ In reply to ]

theredc0ders at gmail

Dec 16, 2007, 5:37 PM

Post #2 of 3 (985 views)

Permalink

to fix this bug, vendor have just to put an .htaccess "inc" folder with the following code

Deny from all

or rename the file to lib.inc.php

Regards

Re: Re: PHP MySQL Banner Exchange 2.2.1 remote mysql database bug [ In reply to ]

arsalan1991 at gmail

Dec 17, 2007, 12:46 PM

Post #3 of 3 (979 views)

Permalink

if you chose the second way you need to change name to .inc.php in all pages that includes .inc pages too