#18128 - 01/27/03 08:31 AM phpinfo.php so simple
Joined: Apr 2002
Posts: 212
Rapture Offline
Member
Redwood
I was bored tonight and I remember using invisionboards message board on my site before. One of the exploits with it was the phpinfo.php file. All you had to do was go to that file and it would give someone just about anything they need. Me being my curious self just typed in "phpinfo.php" on Google and up popped 14,000 files.

Here is a good example of how open this leaves boards: http://laughingsquid.com/phpinfo.php

Gives paths, server info, and all the configuration settings. I didn't go any further (yet) with this, but isn't that a little insecure? I'm not that good with message board stuff, it just caught my eye.

Anybody got some info or feedback to go along with this? I'd be interested to see what some of you have to say about it.

#18129 - 01/27/03 10:00 AM Re: phpinfo.php so simple
Joined: Dec 2002
Posts: 3,255
§intå× Offline
Maryland
That isn't message board stuff; that is a simple PHP script.

Code:
<?php
// Prints the full PHP configuration, loaded modules and server environment
phpinfo();
?>

Save as phpinfo.php or info.php or etc. etc. etc.
The person can just remove the script. They are stupid for leaving it, yes, but it is easily fixable.


My New site OpenEyes
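
Added example (not part of the original thread): since the fix described in the post above is removing the script, an administrator can audit their own document root for leftover files that call phpinfo(), whatever they are named (phpinfo.php, info.php, test.php). The function names, the extension list and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# A call to the built-in phpinfo(), but not my_phpinfo() or $obj->phpinfo().
CALL_RE = re.compile(r"(?<![\w$>])phpinfo\s*\(", re.IGNORECASE)
# Heuristic PHP comment stripper: /* ... */, // ... and # ... to end of line.
COMMENT_RE = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.DOTALL)
# Extensions commonly mapped to the PHP handler (assumption; match your server config).
PHP_EXTS = {".php", ".php3", ".php4", ".php5", ".phtml", ".inc"}


def find_phpinfo_scripts(docroot):
    """Return sorted (relative_path, status) pairs for PHP files mentioning phpinfo().

    status is "active" when the call survives comment stripping, otherwise
    "commented-out". Both are reported because the stripper is only a heuristic.
    """
    root = Path(docroot)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in PHP_EXTS:
            continue
        source = path.read_text(encoding="utf-8", errors="replace")
        if not CALL_RE.search(source):
            continue
        active = CALL_RE.search(COMMENT_RE.sub("", source))
        hits.append((path.relative_to(root).as_posix(),
                     "active" if active else "commented-out"))
    return sorted(hits)


def build_sample_docroot(root):
    """Create a small constructed web root to run the audit against."""
    root = Path(root)
    (root / "forum").mkdir()
    (root / "phpinfo.php").write_text("<?php phpinfo(); ?>\n")
    (root / "forum" / "test.php").write_text("<?\nPHPInfo (INFO_ALL);\n?>\n")
    (root / "index.php").write_text("<?php\n// phpinfo(); debug only\necho 'hi';\n")
    (root / "lib.php").write_text("<?php function my_phpinfo() {} my_phpinfo();\n")
    (root / "notes.txt").write_text("phpinfo() is mentioned here\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, status in find_phpinfo_scripts(build_sample_docroot(tmp)):
            print(f"{status:14} {rel}")
```

On a real server, pass the site's own document root to find_phpinfo_scripts() and delete or access-restrict every "active" hit.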
#18130 - 01/27/03 02:38 PM Re: phpinfo.php so simple
Joined: Mar 2002
Posts: 1,273
SilentRage Offline
DollarDNS Owner
OH, USA
If you had an exploit to get into the system, then yes, that script can give you a lot of useful information that may help in how you should use whatever exploit you have. But that info in itself doesn't enable you to exploit them.


Domain Registration, Hosting, Management
http://www.dollardns.net
#18131 - 01/27/03 03:12 PM Re: phpinfo.php so simple
Joined: Apr 2002
Posts: 212
Rapture Offline
Member
Redwood
*nods*

That's what I had figured out by the time I fell asleep last night. Just found it interesting.

#18132 - 01/27/03 06:44 PM Re: phpinfo.php so simple
Joined: Mar 2002
Posts: 506
Crime Offline
UGN Super Poster
SC, usa
Try posting in the right forum next time.

Web Design
ASP, PHP, Python, Perl, CGI, SHTML, DHTML, Flash, XML, VML...


You would prolly get a lot more answers.

#18133 - 01/29/03 02:02 AM Re: phpinfo.php so simple
Joined: Aug 2002
Posts: 68
Scalli0n Offline
Junior Member
It does provide information about the server.

http://www.promodtecnologies.com/phpinfo.php

Just wait till gizzy sees this...

#18134 - 01/29/03 02:47 AM Re: phpinfo.php so simple
Joined: Feb 2002
Posts: 7,195
Gremelin Offline
Community Owner
Portland, OR; USA
who cares lol...


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#18135 - 01/29/03 09:53 PM Re: phpinfo.php so simple
Joined: Dec 2002
Posts: 3,255
§intå× Offline
Maryland
.... I never created that. I of course made one to see what Xnull supported but called it test.php


My New site OpenEyes
#18136 - 01/30/03 03:39 AM Re: phpinfo.php so simple
Joined: Feb 2002
Posts: 7,195
Gremelin Offline
Community Owner
Portland, OR; USA
I did lol...


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#18137 - 01/30/03 06:10 AM Re: phpinfo.php so simple
Joined: Dec 2002
Posts: 3,255
§intå× Offline
Maryland
HTTP_REFERER http://www.undergroundnews.com/cgi-bin/ubbcgi/ultimatebb.cgi?ubb=get_topic;f=14;t=000076


heh it supports Sybase. You should kill MySQL and get Sybase on that puppy.


My New site OpenEyes
#18138 - 02/01/03 04:33 AM Re: phpinfo.php so simple
Joined: Aug 2002
Posts: 68
Scalli0n Offline
Junior Member
Try searching google for 'phpmyadmin running on localhost'. Interesting results.

#18139 - 02/07/03 09:06 PM Re: phpinfo.php so simple
Joined: Apr 2002
Posts: 212
Rapture Offline
Member
Redwood
That's even worse than the phpinfo.php I originally posted about.

oh well *shrug*

#18140 - 02/10/03 03:34 PM Re: phpinfo.php so simple
Joined: Dec 2002
Posts: 3,255
§intå× Offline
Maryland
Jesus
ftp.esrf.fr/pub/expg/spec/db_details_structure.html


Code:
# phpMyAdmin MySQL-Dump
# version 2.3.2
# http://www.phpmyadmin.net/ (download page)
#
# Host: localhost
# Generation Time: Nov 05, 2002 at 10:16 AM
# Server version: 3.23.37
# PHP Version: 4.0.6
# Database : `BM`
# --------------------------------------------------------

#
# Table structure for table `CRYSTAL`
#

CREATE TABLE CRYSTAL (
  PROTEIN_NAME text,
  PROPOSID varchar(10) NOT NULL default 'XX-nnnn',
  CRYSTALID varchar(20) NOT NULL default '',
  SPACE_GROUP varchar(10) default NULL,
  CELL_DIM_A decimal(4,2) default '0.00',
  CELL_DIM_B decimal(4,2) default '0.00',
  CELL_DIM_C decimal(4,2) default '0.00',
  CELL_DIM_AL decimal(4,2) default '0.00',
  CELL_DIM_BE decimal(4,2) default '0.00',
  CELL_DIM_GA decimal(4,2) default '0.00',
  RES_PREV float(10,2) default '0.00',
  COMMENTS text,
  CRYSTAL_KEY smallint(6) NOT NULL auto_increment,
  KEY CRYSTAL_KEY (CRYSTAL_KEY),
  PRIMARY KEY  (CRYSTAL_KEY),
  KEY CRYSTALID (CRYSTALID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `DETECTORS`
#

CREATE TABLE DETECTORS (
  DETECTORID int(11) NOT NULL auto_increment,
  IMGTYPE varchar(50) default NULL,
  NHEAD int(11) NOT NULL default '0',
  LRECL int(11) NOT NULL default '0',
  NPIXELX int(11) NOT NULL default '0',
  NPIXELY int(11) NOT NULL default '0',
  IMGDRC varchar(50) default NULL,
  ENDED varchar(6) default NULL,
  YPXMAX double(16,4) NOT NULL default '0.0000',
  ZPXMAX double(16,4) NOT NULL default '0.0000',
  YBEAM double(16,4) NOT NULL default '0.0000',
  ZBEAM double(16,4) NOT NULL default '0.0000',
  YPXSIZ double(16,4) NOT NULL default '0.0000',
  ZPXSIZ double(16,4) NOT NULL default '0.0000',
  ROFF double(16,4) NOT NULL default '0.0000',
  TOFF double(16,4) NOT NULL default '0.0000',
  NUMBITS int(11) NOT NULL default '0',
  DESCRIPTION varchar(50) default NULL,
  SPDFIL varchar(255) default NULL,
  KEY DETECTORID (DETECTORID),
  KEY NUMBITS (NUMBITS),
  PRIMARY KEY  (DETECTORID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `DEWARE`
#

CREATE TABLE DEWARE (
  DEWARE_KEY smallint(6) NOT NULL auto_increment,
  SENT_ON date NOT NULL default '0000-00-00',
  COURIER_CO varchar(10) NOT NULL default '',
  SENDING_NB varchar(10) default NULL,
  PROPOSID varchar(10) NOT NULL default '',
  COMMENTS varchar(200) default NULL,
  SUB_STATUS enum('opened','closed') NOT NULL default 'opened',
  KEY DEWARE_KEY (DEWARE_KEY)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `DICTIONARY`
#

CREATE TABLE DICTIONARY (
  PARAMID int(11) NOT NULL auto_increment,
  PARAMBRIEF varchar(50) default NULL,
  PARAMDESC varchar(255) default NULL,
  PARAMFORMAT varchar(50) default NULL,
  PARAMELEMENTS int(11) NOT NULL default '0',
  PARAMTYPE int(11) NOT NULL default '0',
  PARAMINST int(11) default NULL,
  KEY PARAMID (PARAMID),
  PRIMARY KEY  (PARAMID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `IMAGES`
#

CREATE TABLE IMAGES (
  IMAGEID int(11) NOT NULL auto_increment,
  RUNUNIQUEID int(11) NOT NULL default '0',
  TYPE int(11) NOT NULL default '0',
  FILENAME varchar(50) default NULL,
  LOCATION varchar(60) default NULL,
  KEY IMAGEID (IMAGEID),
  PRIMARY KEY  (IMAGEID),
  KEY RUNUNIQUEID (RUNUNIQUEID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `MAD`
#

CREATE TABLE MAD (
  MAD_ID int(11) NOT NULL auto_increment,
  RUNUNIQUEID int(11) NOT NULL default '0',
  ESCAN_FILE varchar(100) default NULL,
  KEY MAD_ID (MAD_ID),
  PRIMARY KEY  (MAD_ID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `PARAMETERTOIMAGE`
#

CREATE TABLE PARAMETERTOIMAGE (
  PARAMRUNID int(11) NOT NULL auto_increment,
  IMAGEID int(11) NOT NULL default '0',
  PARAMID int(11) NOT NULL default '0',
  PARAMVALUE float(10,2) NOT NULL default '0.00',
  PARAMTEXT varchar(50) default NULL,
  KEY IMAGEID (IMAGEID),
  KEY PARAMID (PARAMID),
  KEY PARAMRUNID (PARAMRUNID),
  PRIMARY KEY  (PARAMRUNID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `PARAMETERTORUN`
#

CREATE TABLE PARAMETERTORUN (
  PARAMRUNID int(11) NOT NULL auto_increment,
  RUNUNIQUEID int(11) NOT NULL default '0',
  PARAMID int(11) NOT NULL default '0',
  PARAMVALUE float(10,2) NOT NULL default '0.00',
  PARAMTEXT varchar(200) NOT NULL default 'None',
  KEY PARAMID (PARAMID),
  KEY PARAMRUNID (PARAMRUNID),
  PRIMARY KEY  (PARAMRUNID),
  KEY RUNUNIQUEID (RUNUNIQUEID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `RUNS`
#

CREATE TABLE RUNS (
  RUNUNIQUEID int(11) NOT NULL auto_increment,
  SESSIONNO int(11) NOT NULL default '0',
  RUNIDENTIFIER int(11) NOT NULL default '0',
  RUNSTART datetime default NULL,
  RUNEND datetime default NULL,
  RUNSTATUS int(11) NOT NULL default '0',
  TYPEID int(11) default NULL,
  PRIMARY KEY  (RUNUNIQUEID),
  KEY RUNUNIQUEID (RUNUNIQUEID),
  KEY SESSIONNO (SESSIONNO)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `RUNTYPES`
#

CREATE TABLE RUNTYPES (
  TYPEID int(11) NOT NULL auto_increment,
  RUNTYPE varchar(50) default NULL,
  RUNDESCRIPTION varchar(50) default NULL,
  PRODC int(11) default NULL,
  PRIMARY KEY  (TYPEID),
  KEY TYPEID (TYPEID)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `SAMPLE`
#

CREATE TABLE SAMPLE (
  SAMPLE_KEY int(11) NOT NULL auto_increment,
  DEWARE_KEY int(11) NOT NULL default '0',
  CRYSTAL_KEY int(11) NOT NULL default '0',
  SUFFIX varchar(20) NOT NULL default '',
  DATA_SET enum('native','ligand','mutant','MAD','SAD','MIR') NOT NULL default 'native',
  CRYSTAL_SIZE varchar(20) default NULL,
  RSYM float(10,2) default NULL,
  STRUC_STATUS enum('Completed','Under refinement','Solved','Initial measurements','More phasing needed','Poor data') NOT NULL default 'Initial measurements',
  PUBLI_STATUS enum('Not applicable','In preparation','Submitted','In press','Published') NOT NULL default 'Not applicable',
  BAG_COMMENT varchar(200) default NULL,
  CANE char(3) NOT NULL default '',
  POSITION char(1) NOT NULL default '',
  RESO_REQ float(10,2) default NULL,
  REMARKS varchar(80) default NULL,
  SENT_ON date default NULL,
  RECEPT_DATE date default NULL,
  SAF_FORM enum('yes','no') NOT NULL default 'no',
  STORAGE tinyint(4) default NULL,
  EXP_STATUS varchar(10) default NULL,
  PRIMARY KEY  (SAMPLE_KEY)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `SESSION`
#

CREATE TABLE SESSION (
  SESSIONNO int(11) NOT NULL auto_increment,
  SE_PL_NO int(11) NOT NULL default '0',
  EXP_OPERATOR varchar(20) default NULL,
  NO_PERF_SHIFTS float(10,2) NOT NULL default '0.00',
  COMMENT varchar(255) default NULL,
  USER_NO int(11) NOT NULL default '0',
  BLOM_COMMENT varchar(200) default NULL,
  LC_COMMENT varchar(200) default NULL,
  KEY SE_PL_NO (SE_PL_NO),
  PRIMARY KEY  (SESSIONNO),
  KEY SESSIONNO (SESSIONNO),
  KEY USER_NO (USER_NO)
) TYPE=ISAM PACK_KEYS=1;
# --------------------------------------------------------

#
# Table structure for table `USER`
#

CREATE TABLE USER (
  USER_NO int(11) NOT NULL auto_increment,
  SE_PL_NO int(11) NOT NULL default '0',
  PROPOS_NO int(11) NOT NULL default '0',
  PROPOS_CATEG_CODE varchar(6) NOT NULL default '',
  PROPOS_CATEG_CPT int(11) NOT NULL default '0',
  SURNAME varchar(45) NOT NULL default '',
  LABO_NAME varchar(45) NOT NULL default '',
  LABO_PAYS_CODE varchar(4) default NULL,
  PROPOS_TIT varchar(180) default NULL,
  LOCAL_CONTACT varchar(45) NOT NULL default '',
  DATE_DEB datetime default NULL,
  DATE_FIN datetime default NULL,
  NO_SHIFTS smallint(6) default NULL,
  INSTR_NOM varchar(16) default NULL,
  SCHEDULED tinyint(4) default '1',
  REG_PXWEB tinyint(4) NOT NULL default '0',
  KEY PROPOS_NO (PROPOS_NO),
  KEY SESSION_NO (SE_PL_NO),
  PRIMARY KEY  (USER_NO),
  KEY USER_NO (USER_NO)
) TYPE=ISAM PACK_KEYS=1;

     
Not that this would allow you to hack them right off, but you could get variable info and alter the URL to gain access or even edit their database. That is sad.


My New site OpenEyes