SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Questions?
Want to learn about SecurityTracker? We've got answers to frequently asked questions right here
Sign Up!





Category:  Application (Generic)  >  PHP-Survey Vendors:  Buchbinder, Adam
PHP-Survey Script Discloses Underlying MySQL Database Username and Password to Remote Users
SecurityTracker Alert ID:  1004172
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 27 2002
Impact:  Disclosure of authentication information, Disclosure of system information
Exploit Included:  Yes  
Description:  A vulnerability was reported in the PHP-Survey software for conducting on-line surveys. A remote user can view the source of a critical file and obtain the database password.

It is reported that a remote user can request the 'global.inc' file, which includes database information and interface configuration settings. This reportedly includes the database username and password for the underlying MySQL database. Because the file is not a PHP file, the file is displayed to the remote user instead of being interpreted by the PHP parser.

With the information disclosed, a remote user may be able to login to the database.
Impact:  A remote user can view the username and password for the underlying database.
Solution:  No solution was available at the time of this entry.

The author of the report suggests changing the 'global.inc' filename to 'global.inc.php'.

Another user suggests making .inc files inaccessible to web browsers using the web server access control features. On Apache, this can reportedly be done with the following configuration:

<Files *.inc>
Order allow,deny
Deny from all
</Files>
Vendor URL:  sourceforge.net/projects/phpsurvey/ (Links to External Site)
Cause:  Access control error
Underlying OS:  Linux (Any), UNIX (Any)
Underlying OS Comments:  PHP-based
Reported By:  "MOD" <br014c1155@blueyonder.co.uk>
Message History:   None.

 Source Message Contents
Date:  Fri, 26 Apr 2002 21:27:34 +0100
From:  "MOD" <br014c1155@blueyonder.co.uk>
Subject:  PHP-Survey Database Access Vulnerability

 

PHP-Survey is an online survey creation and management system written in
PHP. It uses a MySQL database on backend for all data handling.
Global.inc holds the database information, and settings for the survey's
interface. Global.inc on default settings is not interpreted by PHP hence
any user can make an HTTP request for global.inc and will be able to view
the source code, hence the database password, username, localhost is
revealed, and also superuser information for the administration of the poll
survey. A solution might be to rename global.inc to global.inc.php.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC