PHP-Survey Database Access Vulnerability: msg#00393 security.bugtraq

PHP-Survey is an online survey creation and management system written in
PHP. It uses a MySQL database on backend for all data handling.
Global.inc holds the database information, and settings for the survey's
interface. Global.inc on default settings is not interpreted by PHP hence
any user can make an HTTP request for global.inc and will be able to view
the source code, hence the database password, username, localhost is
revealed, and also superuser information for the administration of the poll
survey. A solution might be to rename global.inc to global.inc.php.

<Prev in Thread]	Current Thread	[Next in Thread>

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: KPMG-2002013: Coldfusion Path Disclosure: 00393, Tom Donovan
Next by Date:	Re: PHP-Survey Database Access Vulnerability: 00393, Jens Knoell
Previous by Thread:	IndiaTimes.com - Email - Session hijacking and Inbox Blockingi: 00393, Giri Sandeep
Next by Thread:	Re: PHP-Survey Database Access Vulnerability: 00393, Jens Knoell
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: KPMG-2002013: Coldfusion Path Disclosure: 00393, Tom Donovan

Next by Date:

Re: PHP-Survey Database Access Vulnerability: 00393, Jens Knoell

Previous by Thread:

IndiaTimes.com - Email - Session hijacking and Inbox Blockingi: 00393, Giri Sandeep

Next by Thread:

Re: PHP-Survey Database Access Vulnerability: 00393, Jens Knoell

Indexes:

[Date] [Thread] [Top] [All Lists]