Member | Joined: Apr 2002 | Posts: 212
I was bored tonight and I remember using Invision Board's message board on my site before. One of the exploits with it was the phpinfo.php file. All you had to do was go to that file and it would give someone just about anything they need. Me being my curious self, I just typed in "phpinfo.php" on Google and up popped 14,000 files. Here is a good example of how open this leaves boards: http://laughingsquid.com/phpinfo.php gives paths, server info, and all the configuration settings. I didn't go any further (yet) with this, but isn't that a little insecure? I'm not that good with message board stuff; it just caught my eye. Anybody got some info or feedback to go along with this? I'd be interested to see what some of you have to say about it.

UGN Elite | Joined: Dec 2002 | Posts: 3,255 | Likes: 3
That isn't message board stuff; that is a simple PHP script:
<?php
phpinfo();
?>
Save as phpinfo.php or info.php or etc. etc. etc. The person can just remove the script. They are stupid for leaving it, yes, but it is easily fixable.

DollarDNS Owner | Joined: Mar 2002 | Posts: 1,273
If you had an exploit to get into the system, then yes, that script can give you a lot of useful information that may help in how you should use whatever exploit you have. But that info in itself doesn't enable you to exploit them.

Member | Joined: Apr 2002 | Posts: 212
*nods*
That's what I had figured out by the time I fell asleep last night. Just found it interesting.

UGN Super Poster | Joined: Mar 2002 | Posts: 508 | Likes: 1
Try posting in the right forum next time. Web Design ASP, PHP, Python, Perl, CGI, SHTML, DHTML, Flash, XML, VML... You would probably get a lot more answers.

Community Owner | Joined: Feb 2002 | Posts: 7,203 | Likes: 11

UGN Elite | Joined: Dec 2002 | Posts: 3,255 | Likes: 3
.... I never created that. I of course made one to see what Xnull supported but called it test.php

Community Owner | Joined: Feb 2002 | Posts: 7,203 | Likes: 11

UGN Elite | Joined: Dec 2002 | Posts: 3,255 | Likes: 3
HTTP_REFERER http://www.UnderGroundNews.com/cgi-bin/ubbcgi/ultimatebb.cgi?ubb=get_topic;f=14;t=000076
Heh, it supports Sybase. You should kill MySQL and get Sybase on that puppy.

Junior Member | Joined: Aug 2002 | Posts: 68
Try searching Google for 'phpmyadmin running on localhost'. Interesting results.

Member | Joined: Apr 2002 | Posts: 212
That's even worse than the phpinfo.php I originally posted about.
Oh well *shrug*

UGN Elite | Joined: Dec 2002 | Posts: 3,255 | Likes: 3
Jesus
ftp.esrf.fr/pub/expg/spec/db_details_structure.html
phpMyAdmin MySQL-Dump
# version 2.3.2
# http://www.phpmyadmin.net/ (download page)
#
# Host: localhost
# Generation Time: Nov 05, 2002 at 10:16 AM
# Server version: 3.23.37
# PHP Version: 4.0.6
# Database : `BM`
# --------------------------------------------------------
#
# Table structure for table `CRYSTAL`
#
CREATE TABLE CRYSTAL (
PROTEIN_NAME text,
PROPOSID varchar(10) NOT NULL default 'XX-nnnn',
CRYSTALID varchar(20) NOT NULL default '',
SPACE_GROUP varchar(10) default NULL,
CELL_DIM_A decimal(4,2) default '0.00',
CELL_DIM_B decimal(4,2) default '0.00',
CELL_DIM_C decimal(4,2) default '0.00',
CELL_DIM_AL decimal(4,2) default '0.00',
CELL_DIM_BE decimal(4,2) default '0.00',
CELL_DIM_GA decimal(4,2) default '0.00',
RES_PREV float(10,2) default '0.00',
COMMENTS text,
CRYSTAL_KEY smallint(6) NOT NULL auto_increment,
KEY CRYSTAL_KEY (CRYSTAL_KEY),
PRIMARY KEY (CRYSTAL_KEY),
KEY CRYSTALID (CRYSTALID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------
#
# Table structure for table `DETECTORS`
#
CREATE TABLE DETECTORS (
DETECTORID int(11) NOT NULL auto_increment,
IMGTYPE varchar(50) default NULL,
NHEAD int(11) NOT NULL default '0',
LRECL int(11) NOT NULL default '0',
NPIXELX int(11) NOT NULL default '0',
NPIXELY int(11) NOT NULL default '0',
IMGDRC varchar(50) default NULL,
ENDED varchar(6) default NULL,
YPXMAX double(16,4) NOT NULL default '0.0000',
ZPXMAX double(16,4) NOT NULL default '0.0000',
YBEAM double(16,4) NOT NULL default '0.0000',
ZBEAM double(16,4) NOT NULL default '0.0000',
YPXSIZ double(16,4) NOT NULL default '0.0000',
ZPXSIZ double(16,4) NOT NULL default '0.0000',
ROFF double(16,4) NOT NULL default '0.0000',
TOFF double(16,4) NOT NULL default '0.0000',
NUMBITS int(11) NOT NULL default '0',
DESCRIPTION varchar(50) default NULL,
SPDFIL varchar(255) default NULL,
KEY DETECTORID (DETECTORID),
KEY NUMBITS (NUMBITS),
PRIMARY KEY (DETECTORID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------
#
# Table structure for table `DEWARE`
#
CREATE TABLE DEWARE (
DEWARE_KEY smallint(6) NOT NULL auto_increment,
SENT_ON date NOT NULL default '0000-00-00',
COURIER_CO varchar(10) NOT NULL default '',
SENDING_NB varchar(10) default NULL,
PROPOSID varchar(10) NOT NULL default '',
COMMENTS varchar(200) default NULL,
SUB_STATUS enum('opened','closed') NOT NULL default 'opened',
KEY DEWARE_KEY (DEWARE_KEY)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------
#
# Table structure for table `DICTIONARY`
#
CREATE TABLE DICTIONARY (
PARAMID int(11) NOT NULL auto_increment,
PARAMBRIEF varchar(50) default NULL,
PARAMDESC varchar(255) default NULL,
PARAMFORMAT varchar(50) default NULL,
PARAMELEMENTS int(11) NOT NULL default '0',
PARAMTYPE int(11) NOT NULL default '0',
PARAMINST int(11) default NULL,
KEY PARAMID (PARAMID),
PRIMARY KEY (PARAMID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------
#
# Table structure for table `IMAGES`
#
CREATE TABLE IMAGES (
IMAGEID int(11) NOT NULL auto_increment,
RUNUNIQUEID int(11) NOT NULL default '0',
TYPE int(11) NOT NULL default '0',
FILENAME varchar(50) default NULL,
LOCATION varchar(60) default NULL,
KEY IMAGEID (IMAGEID),
PRIMARY KEY (IMAGEID),
KEY RUNUNIQUEID (RUNUNIQUEID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------
#
# Table structure for table `MAD`
#
CREATE TABLE MAD (
MAD_ID int(11) NOT NULL auto_increment,
RUNUNIQUEID int(11) NOT NULL default '0',
ESCAN_FILE varchar(100) default NULL,
KEY MAD_ID (MAD_ID),
PRIMARY KEY (MAD_ID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------
#
# Table structure for table `PARAMETERTOIMAGE`
#
CREATE TABLE PARAMETERTOIMAGE (
PARAMRUNID int(11) NOT NULL auto_increment,
IMAGEID int(11) NOT NULL default '0',
PARAMID int(11) NOT NULL default '0',
PARAMVALUE float(10,2) NOT NULL default '0.00',
PARAMTEXT varchar(50) default NULL,
KEY IMAGEID (IMAGEID),
KEY PARAMID (PARAMID),
KEY PARAMRUNID (PARAMRUNID),
PRIMARY KEY (PARAMRUNID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------
#
# Table structure for table `PARAMETERTORUN`
#
CREATE TABLE PARAMETERTORUN (
PARAMRUNID int(11) NOT NULL auto_increment,
RUNUNIQUEID int(11) NOT NULL default '0',
PARAMID int(11) NOT NULL default '0',
PARAMVALUE float(10,2) NOT NULL default '0.00',
PARAMTEXT varchar(200) NOT NULL default 'None',
KEY PARAMID (PARAMID),
KEY PARAMRUNID (PARAMRUNID),
PRIMARY KEY (PARAMRUNID),
KEY RUNUNIQUEID (RUNUNIQUEID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------
#
# Table structure for table `RUNS`
#
CREATE TABLE RUNS (
RUNUNIQUEID int(11) NOT NULL auto_increment,
SESSIONNO int(11) NOT NULL default '0',
RUNIDENTIFIER int(11) NOT NULL default '0',
RUNSTART datetime default NULL,
RUNEND datetime default NULL,
RUNSTATUS int(11) NOT NULL default '0',
TYPEID int(11) default NULL,
PRIMARY KEY (RUNUNIQUEID),
KEY RUNUNIQUEID (RUNUNIQUEID),
KEY SESSIONNO (SESSIONNO)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------
#
# Table structure for table `RUNTYPES`
#
CREATE TABLE RUNTYPES (
TYPEID int(11) NOT NULL auto_increment,
RUNTYPE varchar(50) default NULL,
RUNDESCRIPTION varchar(50) default NULL,
PRODC int(11) default NULL,
PRIMARY KEY (TYPEID),
KEY TYPEID (TYPEID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------
#
# Table structure for table `SAMPLE`
#
CREATE TABLE SAMPLE (
SAMPLE_KEY int(11) NOT NULL auto_increment,
DEWARE_KEY int(11) NOT NULL default '0',
CRYSTAL_KEY int(11) NOT NULL default '0',
SUFFIX varchar(20) NOT NULL default '',
DATA_SET enum('native','ligand','mutant','MAD','SAD','MIR') NOT NULL default 'native',
CRYSTAL_SIZE varchar(20) default NULL,
RSYM float(10,2) default NULL,
STRUC_STATUS enum('Completed','Under refinement','Solved','Initial measurements','More phasing needed','Poor data') NOT NULL default 'Initial measurements',
PUBLI_STATUS enum('Not applicable','In preparation','Submitted','In press','Published') NOT NULL default 'Not applicable',
BAG_COMMENT varchar(200) default NULL,
CANE char(3) NOT NULL default '',
POSITION char(1) NOT NULL default '',
RESO_REQ float(10,2) default NULL,
REMARKS varchar(80) default NULL,
SENT_ON date default NULL,
RECEPT_DATE date default NULL,
SAF_FORM enum('yes','no') NOT NULL default 'no',
STORAGE tinyint(4) default NULL,
EXP_STATUS varchar(10) default NULL,
PRIMARY KEY (SAMPLE_KEY)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------
#
# Table structure for table `SESSION`
#
CREATE TABLE SESSION (
SESSIONNO int(11) NOT NULL auto_increment,
SE_PL_NO int(11) NOT NULL default '0',
EXP_OPERATOR varchar(20) default NULL,
NO_PERF_SHIFTS float(10,2) NOT NULL default '0.00',
COMMENT varchar(255) default NULL,
USER_NO int(11) NOT NULL default '0',
BLOM_COMMENT varchar(200) default NULL,
LC_COMMENT varchar(200) default NULL,
KEY SE_PL_NO (SE_PL_NO),
PRIMARY KEY (SESSIONNO),
KEY SESSIONNO (SESSIONNO),
KEY USER_NO (USER_NO)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------
#
# Table structure for table `USER`
#
CREATE TABLE USER (
USER_NO int(11) NOT NULL auto_increment,
SE_PL_NO int(11) NOT NULL default '0',
PROPOS_NO int(11) NOT NULL default '0',
PROPOS_CATEG_CODE varchar(6) NOT NULL default '',
PROPOS_CATEG_CPT int(11) NOT NULL default '0',
SURNAME varchar(45) NOT NULL default '',
LABO_NAME varchar(45) NOT NULL default '',
LABO_PAYS_CODE varchar(4) default NULL,
PROPOS_TIT varchar(180) default NULL,
LOCAL_CONTACT varchar(45) NOT NULL default '',
DATE_DEB datetime default NULL,
DATE_FIN datetime default NULL,
NO_SHIFTS smallint(6) default NULL,
INSTR_NOM varchar(16) default NULL,
SCHEDULED tinyint(4) default '1',
REG_PXWEB tinyint(4) NOT NULL default '0',
KEY PROPOS_NO (PROPOS_NO),
KEY SESSION_NO (SE_PL_NO),
PRIMARY KEY (USER_NO),
KEY USER_NO (USER_NO)
) TYPE=ISAM PACK_KEYS=1;
Not that this would allow you to hack them right off, but you could get variable info and alter the URL to gain access or even edit their database. That is sad.
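
Added example, not code from any poster in this thread: the replies note that the script can be saved as phpinfo.php, info.php or test.php, so an audit of your own web root has to search file contents rather than file names. The function names and the sample tree are constructed for the demo, and the string/comment masking is a heuristic (heredocs are not handled), not a full PHP parser.

```python
import re
import tempfile
from pathlib import Path

PHP_SUFFIXES = {".php", ".phtml", ".php3", ".php4", ".php5", ".inc"}
# Code between an opening tag (<?php, <?= or short <?) and ?> or end of file.
PHP_BLOCK = re.compile(r"<\?(?:php\b|=)?(.*?)(?:\?>|\Z)", re.DOTALL | re.IGNORECASE)
# String literals and comments are blanked so they can neither fake nor hide a call.
MASK = re.compile(
    r"'(?:\\.|[^'\\])*'" r'|"(?:\\.|[^"\\])*"' r"|/\*.*?\*/|(?://|#)[^\n]*",
    re.DOTALL,
)
# PHP function names are case-insensitive; skip my_phpinfo( and $obj->phpinfo(.
CALL = re.compile(r"(?<![\w$>:])phpinfo\s*\(", re.IGNORECASE)

def calls_phpinfo(source):
    """True if a PHP block in source calls phpinfo() outside strings and comments."""
    return any(CALL.search(MASK.sub(" ", block)) for block in PHP_BLOCK.findall(source))

def find_phpinfo_scripts(webroot):
    """Sorted relative paths of PHP files under webroot that call phpinfo()."""
    root = Path(webroot)
    hits = []
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in PHP_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            if calls_phpinfo(text):
                hits.append(path.relative_to(root).as_posix())
    return sorted(hits)

def build_sample_webroot(root):
    """Constructed sample tree for the demo (not files from any real site)."""
    files = {
        "phpinfo.php": "<?php phpinfo(); ?>",
        "test.php": "<?\nPHPInfo ();\n?>",  # renamed copy, short tag, odd casing
        "forum/index.php": "<?php // phpinfo();\necho 'run phpinfo() later';\n",
        "forum/lib.php": "<?php function my_phpinfo() { return 1; }\n",
        "about.php": "<p>phpinfo() is disabled here</p>",  # HTML only, no PHP
        "notes.txt": "remember to delete phpinfo()",  # not a PHP file
    }
    for name, body in files.items():
        target = Path(root) / name
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        for hit in find_phpinfo_scripts(tmp):
            print("remove or restrict access:", hit)
```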