UGN Security Forums
#18128 - 01/27/03 08:31 AM phpinfo.php so simple
Rapture Offline
Member

Registered: 04/23/02
Posts: 212
Loc: Redwood
I was bored tonight and I remember using invisionboards message board on my site before. One of the exploits with it was the phpinfo.php file. All you had to do was go to that file and it would give someone just about anything they need. Me being my curious self just typed in "phpinfo.php" on google and up popped 14,000 files.

Here is a good example of how open this leaves boards to. http://laughingsquid.com/phpinfo.php

Gives paths, server info, and all the configuration settings. I didn't go any further (yet) with this but isn't that a little unsecure? I'm not that good with message board stuff, it just caught my eye.

Anybody got some info or feedback to go along with this? I'd be interested to see what some of you have to say about it.

Top
#18129 - 01/27/03 10:00 AM Re: phpinfo.php so simple
§intå× Offline


*****

Registered: 12/03/02
Posts: 3255
Loc: Maryland
That isn't message board stuff, that is a simple PHP script.

Code:
<?php
// Prints the full PHP configuration, environment variables and server paths.
phpinfo();
?>

Save as phpinfo.php or info.php or etc. etc. etc.
The person can just remove the script. They are stupid for leaving it, yes, but it is easily fixable.
_________________________
My New site OpenEyes

Top
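The cleanup described in the post above, as an added example that is not part of the original thread: because the script can be saved under any name, this sketch finds leftover diagnostic pages by content, flagging live `phpinfo()` calls under a web root while ignoring ones inside comments or string literals. The function names, the extension list and the sample text are this example's own assumptions, and the matching is a regex heuristic rather than a full PHP parser.

```python
import os
import re
import sys

# PHP regions: "<?php", "<?=" or the short tag "<?", up to "?>" or end of file.
_PHP_BLOCK = re.compile(r"<\?(?:php\b|=)?(.*?)(?:\?>|\Z)", re.DOTALL | re.IGNORECASE)
# String literals and comments; blanked before matching so they never count.
_INERT = re.compile(
    r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|/\*.*?\*/|(?://|#)[^\n]*""",
    re.DOTALL,
)
# A live call (names are case-insensitive); skips methods and my_phpinfo( etc.
_CALL = re.compile(r"(?<![\w$>:])phpinfo\s*\(", re.IGNORECASE)

# Constructed sample: only line 5 is a real call.
SAMPLE = """<html><body>Don't panic
<?php
// phpinfo();  disabled
echo "phpinfo() is handy";
PHPinfo ();
?>
"""

def find_phpinfo_calls(source):
    """Return 1-based line numbers of live phpinfo() calls in PHP source text."""
    lines = []
    for block in _PHP_BLOCK.finditer(source):
        # Blank inert text but keep newlines so line numbers stay correct.
        code = _INERT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), block.group(1))
        for call in _CALL.finditer(code):
            offset = block.start(1) + call.start()
            lines.append(source.count("\n", 0, offset) + 1)
    return lines

def scan_webroot(root, extensions=(".php", ".phtml", ".inc")):
    """Walk root and return sorted (relative_path, line) pairs for every live call."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(extensions):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for line in find_phpinfo_calls(fh.read()):
                    hits.append((os.path.relpath(path, root), line))
    return sorted(hits)

if __name__ == "__main__":
    for rel_path, line_no in scan_webroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel_path}:{line_no}: live phpinfo() call")
```

Run it with the document root as the only argument; each reported file should be removed or moved behind authentication.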
#18130 - 01/27/03 02:38 PM Re: phpinfo.php so simple
SilentRage Offline
DollarDNS Owner

Registered: 03/04/02
Posts: 1273
Loc: OH, USA
If you had an exploit to get into the system, then yes, that script can give you a lot of useful information that may help in how you should use whatever exploit you have. But, that info in itself doesn't enable you to exploit them.
_________________________
Domain Registration, Hosting, Management
http://www.dollardns.net

Top
#18131 - 01/27/03 03:12 PM Re: phpinfo.php so simple
Rapture Offline
Member

Registered: 04/23/02
Posts: 212
Loc: Redwood
*nods*

That's what I had figured out by the time I fell asleep last night. Just found it interesting.

Top
#18132 - 01/27/03 06:44 PM Re: phpinfo.php so simple
Crime Offline
UGN Super Poster

Registered: 03/01/02
Posts: 505
Loc: Tartarus
Try posting in the right forum next time.

Web Design
ASP, PHP, Python, Perl, CGI, SHTML, DHTML, Flash, XML, VML...


You would prolly get a lot more answers.

Top
#18133 - 01/29/03 02:02 AM Re: phpinfo.php so simple
Scalli0n Offline
Junior Member

Registered: 08/01/02
Posts: 68
It does provide information about the server.

http://www.promodtecnologies.com/phpinfo.php

Just wait till gizzy sees this...

Top
#18134 - 01/29/03 02:47 AM Re: phpinfo.php so simple
Gremelin Offline

Community Owner
*****

Registered: 02/28/02
Posts: 7192
Loc: Portland, OR; USA
who cares lol...
_________________________
Donate to UGN Security here.
UGN Security, Back of the Web, Elite Web Gamers & VNC Web Design Owner

Top
#18135 - 01/29/03 09:53 PM Re: phpinfo.php so simple
§intå× Offline


*****

Registered: 12/03/02
Posts: 3255
Loc: Maryland
.... I never created that. I of course made one to see what Xnull supported but called it test.php
_________________________
My New site OpenEyes

Top
#18136 - 01/30/03 03:39 AM Re: phpinfo.php so simple
Gremelin Offline

Community Owner
*****

Registered: 02/28/02
Posts: 7192
Loc: Portland, OR; USA
I did lol...
_________________________
Donate to UGN Security here.
UGN Security, Back of the Web, Elite Web Gamers & VNC Web Design Owner

Top
#18137 - 01/30/03 06:10 AM Re: phpinfo.php so simple
§intå× Offline


*****

Registered: 12/03/02
Posts: 3255
Loc: Maryland
HTTP_REFERER http://www.undergroundnews.com/cgi-bin/ubbcgi/ultimatebb.cgi?ubb=get_topic;f=14;t=000076


heh it supports Sybase. You should kill MySQL and get Sybase on that puppy.
_________________________
My New site OpenEyes

Top
#18138 - 02/01/03 04:33 AM Re: phpinfo.php so simple
Scalli0n Offline
Junior Member

Registered: 08/01/02
Posts: 68
Try searching google for 'phpmyadmin running on localhost'. Interesting results.

Top
#18139 - 02/07/03 09:06 PM Re: phpinfo.php so simple
Rapture Offline
Member

Registered: 04/23/02
Posts: 212
Loc: Redwood
That's even worse than the phpinfo.php I originally posted about.

oh well *shrug*

Top
#18140 - 02/10/03 03:34 PM Re: phpinfo.php so simple
§intå× Offline


*****

Registered: 12/03/02
Posts: 3255
Loc: Maryland
Jesus
ftp.esrf.fr/pub/expg/spec/db_details_structure.html


Code:
# phpMyAdmin MySQL-Dump
# version 2.3.2
# http://www.phpmyadmin.net/ (download page)
#
# Host: localhost
# Generation Time: Nov 05, 2002 at 10:16 AM
# Server version: 3.23.37
# PHP Version: 4.0.6
# Database : `BM`
# --------------------------------------------------------

#
# Table structure for table `CRYSTAL`
#

CREATE TABLE CRYSTAL (
  PROTEIN_NAME text,
  PROPOSID varchar(10) NOT NULL default 'XX-nnnn',
  CRYSTALID varchar(20) NOT NULL default '',
  SPACE_GROUP varchar(10) default NULL,
  CELL_DIM_A decimal(4,2) default '0.00',
  CELL_DIM_B decimal(4,2) default '0.00',
  CELL_DIM_C decimal(4,2) default '0.00',
  CELL_DIM_AL decimal(4,2) default '0.00',
  CELL_DIM_BE decimal(4,2) default '0.00',
  CELL_DIM_GA decimal(4,2) default '0.00',
  RES_PREV float(10,2) default '0.00',
  COMMENTS text,
  CRYSTAL_KEY smallint(6) NOT NULL auto_increment,
  KEY CRYSTAL_KEY (CRYSTAL_KEY),
  PRIMARY KEY  (CRYSTAL_KEY),
  KEY CRYSTALID (CRYSTALID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `DETECTORS`
#

CREATE TABLE DETECTORS (
  DETECTORID int(11) NOT NULL auto_increment,
  IMGTYPE varchar(50) default NULL,
  NHEAD int(11) NOT NULL default '0',
  LRECL int(11) NOT NULL default '0',
  NPIXELX int(11) NOT NULL default '0',
  NPIXELY int(11) NOT NULL default '0',
  IMGDRC varchar(50) default NULL,
  ENDED varchar(6) default NULL,
  YPXMAX double(16,4) NOT NULL default '0.0000',
  ZPXMAX double(16,4) NOT NULL default '0.0000',
  YBEAM double(16,4) NOT NULL default '0.0000',
  ZBEAM double(16,4) NOT NULL default '0.0000',
  YPXSIZ double(16,4) NOT NULL default '0.0000',
  ZPXSIZ double(16,4) NOT NULL default '0.0000',
  ROFF double(16,4) NOT NULL default '0.0000',
  TOFF double(16,4) NOT NULL default '0.0000',
  NUMBITS int(11) NOT NULL default '0',
  DESCRIPTION varchar(50) default NULL,
  SPDFIL varchar(255) default NULL,
  KEY DETECTORID (DETECTORID),
  KEY NUMBITS (NUMBITS),
  PRIMARY KEY  (DETECTORID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `DEWARE`
#

CREATE TABLE DEWARE (
  DEWARE_KEY smallint(6) NOT NULL auto_increment,
  SENT_ON date NOT NULL default '0000-00-00',
  COURIER_CO varchar(10) NOT NULL default '',
  SENDING_NB varchar(10) default NULL,
  PROPOSID varchar(10) NOT NULL default '',
  COMMENTS varchar(200) default NULL,
  SUB_STATUS enum('opened','closed') NOT NULL default 'opened',
  KEY DEWARE_KEY (DEWARE_KEY)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `DICTIONARY`
#

CREATE TABLE DICTIONARY (
  PARAMID int(11) NOT NULL auto_increment,
  PARAMBRIEF varchar(50) default NULL,
  PARAMDESC varchar(255) default NULL,
  PARAMFORMAT varchar(50) default NULL,
  PARAMELEMENTS int(11) NOT NULL default '0',
  PARAMTYPE int(11) NOT NULL default '0',
  PARAMINST int(11) default NULL,
  KEY PARAMID (PARAMID),
  PRIMARY KEY  (PARAMID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `IMAGES`
#

CREATE TABLE IMAGES (
  IMAGEID int(11) NOT NULL auto_increment,
  RUNUNIQUEID int(11) NOT NULL default '0',
  TYPE int(11) NOT NULL default '0',
  FILENAME varchar(50) default NULL,
  LOCATION varchar(60) default NULL,
  KEY IMAGEID (IMAGEID),
  PRIMARY KEY  (IMAGEID),
  KEY RUNUNIQUEID (RUNUNIQUEID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `MAD`
#

CREATE TABLE MAD (
  MAD_ID int(11) NOT NULL auto_increment,
  RUNUNIQUEID int(11) NOT NULL default '0',
  ESCAN_FILE varchar(100) default NULL,
  KEY MAD_ID (MAD_ID),
  PRIMARY KEY  (MAD_ID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `PARAMETERTOIMAGE`
#

CREATE TABLE PARAMETERTOIMAGE (
  PARAMRUNID int(11) NOT NULL auto_increment,
  IMAGEID int(11) NOT NULL default '0',
  PARAMID int(11) NOT NULL default '0',
  PARAMVALUE float(10,2) NOT NULL default '0.00',
  PARAMTEXT varchar(50) default NULL,
  KEY IMAGEID (IMAGEID),
  KEY PARAMID (PARAMID),
  KEY PARAMRUNID (PARAMRUNID),
  PRIMARY KEY  (PARAMRUNID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `PARAMETERTORUN`
#

CREATE TABLE PARAMETERTORUN (
  PARAMRUNID int(11) NOT NULL auto_increment,
  RUNUNIQUEID int(11) NOT NULL default '0',
  PARAMID int(11) NOT NULL default '0',
  PARAMVALUE float(10,2) NOT NULL default '0.00',
  PARAMTEXT varchar(200) NOT NULL default 'None',
  KEY PARAMID (PARAMID),
  KEY PARAMRUNID (PARAMRUNID),
  PRIMARY KEY  (PARAMRUNID),
  KEY RUNUNIQUEID (RUNUNIQUEID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `RUNS`
#

CREATE TABLE RUNS (
  RUNUNIQUEID int(11) NOT NULL auto_increment,
  SESSIONNO int(11) NOT NULL default '0',
  RUNIDENTIFIER int(11) NOT NULL default '0',
  RUNSTART datetime default NULL,
  RUNEND datetime default NULL,
  RUNSTATUS int(11) NOT NULL default '0',
  TYPEID int(11) default NULL,
  PRIMARY KEY  (RUNUNIQUEID),
  KEY RUNUNIQUEID (RUNUNIQUEID),
  KEY SESSIONNO (SESSIONNO)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `RUNTYPES`
#

CREATE TABLE RUNTYPES (
  TYPEID int(11) NOT NULL auto_increment,
  RUNTYPE varchar(50) default NULL,
  RUNDESCRIPTION varchar(50) default NULL,
  PRODC int(11) default NULL,
  PRIMARY KEY  (TYPEID),
  KEY TYPEID (TYPEID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `SAMPLE`
#

CREATE TABLE SAMPLE (
  SAMPLE_KEY int(11) NOT NULL auto_increment,
  DEWARE_KEY int(11) NOT NULL default '0',
  CRYSTAL_KEY int(11) NOT NULL default '0',
  SUFFIX varchar(20) NOT NULL default '',
  DATA_SET enum('native','ligand','mutant','MAD','SAD','MIR') NOT NULL default 'native',
  CRYSTAL_SIZE varchar(20) default NULL,
  RSYM float(10,2) default NULL,
  STRUC_STATUS enum('Completed','Under refinement','Solved','Initial measurements','More phasing needed','Poor data') NOT NULL default 'Initial measurements',
  PUBLI_STATUS enum('Not applicable','In preparation','Submitted','In press','Published') NOT NULL default 'Not applicable',
  BAG_COMMENT varchar(200) default NULL,
  CANE char(3) NOT NULL default '',
  POSITION char(1) NOT NULL default '',
  RESO_REQ float(10,2) default NULL,
  REMARKS varchar(80) default NULL,
  SENT_ON date default NULL,
  RECEPT_DATE date default NULL,
  SAF_FORM enum('yes','no') NOT NULL default 'no',
  STORAGE tinyint(4) default NULL,
  EXP_STATUS varchar(10) default NULL,
  PRIMARY KEY  (SAMPLE_KEY)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `SESSION`
#

CREATE TABLE SESSION (
  SESSIONNO int(11) NOT NULL auto_increment,
  SE_PL_NO int(11) NOT NULL default '0',
  EXP_OPERATOR varchar(20) default NULL,
  NO_PERF_SHIFTS float(10,2) NOT NULL default '0.00',
  COMMENT varchar(255) default NULL,
  USER_NO int(11) NOT NULL default '0',
  BLOM_COMMENT varchar(200) default NULL,
  LC_COMMENT varchar(200) default NULL,
  KEY SE_PL_NO (SE_PL_NO),
  PRIMARY KEY  (SESSIONNO),
  KEY SESSIONNO (SESSIONNO),
  KEY USER_NO (USER_NO)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `USER`
#

CREATE TABLE USER (
  USER_NO int(11) NOT NULL auto_increment,
  SE_PL_NO int(11) NOT NULL default '0',
  PROPOS_NO int(11) NOT NULL default '0',
  PROPOS_CATEG_CODE varchar(6) NOT NULL default '',
  PROPOS_CATEG_CPT int(11) NOT NULL default '0',
  SURNAME varchar(45) NOT NULL default '',
  LABO_NAME varchar(45) NOT NULL default '',
  LABO_PAYS_CODE varchar(4) default NULL,
  PROPOS_TIT varchar(180) default NULL,
  LOCAL_CONTACT varchar(45) NOT NULL default '',
  DATE_DEB datetime default NULL,
  DATE_FIN datetime default NULL,
  NO_SHIFTS smallint(6) default NULL,
  INSTR_NOM varchar(16) default NULL,
  SCHEDULED tinyint(4) default '1',
  REG_PXWEB tinyint(4) NOT NULL default '0',
  KEY PROPOS_NO (PROPOS_NO),
  KEY SESSION_NO (SE_PL_NO),
  PRIMARY KEY  (USER_NO),
  KEY USER_NO (USER_NO)
) TYPE=ISAM PACK_KEYS=1;

     
Not that this would allow you to hack them right off, but you could get variable info and alter the URL to gain access or even edit their database. That is sad.
_________________________
My New site OpenEyes

Top

Moderator:  §intå×, Gremelin 