Answer the question
In order to leave comments, you need to log in
Help find php vulnerability
Hi all!
Can you please tell me where to find a description of the php vulnerability, in which it was possible to view the contents of the php file?
Searched until two in the morning, tormented. I remember that there was an article on Habré.
ps. I'm helping a friend with a hacked site. The expolites seem to have been removed, but the infection still reappeared. It is written to the database as if from the admin panel. I have a suspicion that it somehow gets the connection parameters in config.php (someone wrote the engine on their own, so this file is still available from the outside, I'm already redoing it, but it's interesting).
Answer the question
In order to leave comments, you need to log in
In a more or less normal system, it is impossible to write to the database, even knowing the login password, since the ip address of a specific server (s) is specified when connecting to the database.
It can also be sql injection and much more... To know for sure, you need to grep logs for a couple of hours...
In a more or less normal system, it is impossible to write to the database, even knowing the login password, since the ip address of a particular server is specified when connecting to the database ( ov). Allowing access from everywhere is 99% unnecessary.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question