How are exposed db credentials misused?
Posted: Tue Mar 04, 2008 4:52 am
OK, this is probably a silly question, but it's still something I was wondering about. I've read everything about how SQL injection can happen and what to do to prevent it, and I know about the dangers and difficulties of storing db credentials.
But, in general terms, what if someone gets your db login and password? Say by a (temporarily) misconfigured web server showing the PHP code in plain text? Would a potential hacker use telnet or something?
I know it's not allowed to show code to exploit on this forum, but a general explanation would be fine.
(And the reason I ask is because I stumbled upon some source code of a website with its db credentials in plain text. I think due to a misconfigured server or an error in the code. I will contact the owner to warn him. I could probably try and figure something out myself, but obviously I don't want to do that for legal reasons.)