I have a freelancer working on a program for me.
I gave him access to the theme folder via FTP. He uploaded phpMiniAdmin to that folder and, somehow, obtained the database credentials, which he then used to sign in.
How did he manage to obtain those credentials? Is there a vulnerability that can be used once you can upload files to the server?
Asked Dec 30, 2018 at 14:34 by Dan W.; edited Dec 31, 2018 at 2:39 by That Brazilian Guy. 2 Answers
All he needed to do is to put this PHP code in any template file and run it:
<?php
// wp-config.php defines these constants before any theme template is loaded,
// so any template file can read them directly.
var_dump(DB_NAME, DB_USER, DB_PASSWORD, DB_HOST);
One line and it will print all the DB credentials.
As you can see, no vulnerabilities are needed.
All PHP code has access to these credentials. And it has to; otherwise it wouldn't be able to access the DB...
If they can upload files then they can upload a PHP file that can read the database credentials from wp-config.php. Having upload access to the server can let you do almost anything. Don't give that access to people you don't trust. There's no vulnerability here; you just gave them the keys.
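Both answers come down to the same point: whoever can write a PHP file into the theme directory runs code with the site's own database access, so the practical control is knowing exactly which PHP files are there. The following is an added example, not code from the question or the answers: it records a SHA-256 manifest of a theme directory and later lists PHP files that are new or changed. It assumes GNU find and sha256sum; the theme and manifest paths are placeholders.

```shell
#!/bin/sh
# Added example: file-integrity baseline for a WordPress theme directory.
# Usage (paths are placeholders):
#   theme_baseline /var/www/wp-content/themes/mytheme /root/mytheme.manifest
#   theme_check    /var/www/wp-content/themes/mytheme /root/mytheme.manifest
# Keep the manifest outside the web root so a writer to the theme folder
# cannot also rewrite the baseline.
set -eu

# Write "sha256  path" lines for every *.php file under $1 into manifest $2.
# Only *.php is matched; extend the -name pattern if the web server also
# executes other extensions (e.g. .phtml) in your configuration.
theme_baseline() {
    find "$1" -type f -name '*.php' -exec sha256sum {} + > "$2"
}

# Print the path of every *.php file under $1 whose "sha256  path" line is
# missing from manifest $2, i.e. files added or modified since the baseline.
# Prints nothing when the directory matches the baseline. Files deleted since
# the baseline are not reported by this check.
theme_check() {
    find "$1" -type f -name '*.php' -exec sha256sum {} + \
      | while IFS= read -r line; do
            # sha256sum separates hash and path with two spaces.
            grep -qxF -- "$line" "$2" || printf '%s\n' "${line#*  }"
        done
}
```

Run theme_check from cron or after each FTP session; any path it prints is a file to inspect, and an unexpected database tool dropped into the theme folder shows up immediately.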
Tags: uploads
Title: uploads - Get Database Credentials from within the themes file
Source: https://it.en369.cn/questions/1749057112a2309522.html