php-apm

db password leaked in phpinfo()

Open jamesstout opened this issue 7 years ago • 1 comments

I think it's from this line:

STD_PHP_INI_ENTRY("apm.mysql_pass", "", PHP_INI_PERDIR, OnUpdateString, mysql_db_pass, zend_apm_globals, apm_globals)

This results in:

[Screenshot: screen shot 2017-04-16 at 11 19 50 pm-2]

I know I can disable phpinfo, but I wondered if there was a way to obfuscate or bcrypt it before output?

Thanks, James

jamesstout, Apr 16 '17 15:04

Yikes, this is definitely not good, especially when feeding into a central MySQL server.

MACscr, Sep 05 '17 18:09
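An added example, not part of the thread and not php-apm code: phpinfo() prints the local and master value of every registered INI directive, so an audit script can list the directives that would expose a credential the way `apm.mysql_pass` does above. The function name `find_exposed_secrets` and the name pattern are assumptions made for this example.

```php
<?php
// Added example (not php-apm code): find INI directives that phpinfo()
// would print with a non-empty, secret-looking value.

// Assumption: this name pattern is a heuristic chosen for the example.
const SECRET_NAME_PATTERN = '/(pass(word|wd)?|_pw|secret|token|api_?key)$/i';

/**
 * @param array $ini Same shape as ini_get_all(null, true):
 *                   name => ['global_value' => ..., 'local_value' => ...]
 * @return array<string,string> directive name => masked description
 */
function find_exposed_secrets(array $ini): array
{
    $hits = [];
    foreach ($ini as $name => $details) {
        if (!preg_match(SECRET_NAME_PATTERN, $name)) {
            continue;
        }
        // phpinfo() shows both the local and the master (global) value.
        foreach (['local_value', 'global_value'] as $field) {
            $value = (string) ($details[$field] ?? '');
            if ($value !== '') {
                // Report only the length so the audit output is not a second leak.
                $hits[$name] = sprintf('<set, %d chars>', strlen($value));
                break;
            }
        }
    }
    ksort($hits);
    return $hits;
}

// Constructed sample mirroring the directive from the issue.
$sample = [
    'apm.mysql_pass' => ['global_value' => 'example-only', 'local_value' => 'example-only'],
    'apm.mysql_user' => ['global_value' => 'apm', 'local_value' => 'apm'],
    'session.name'   => ['global_value' => 'PHPSESSID', 'local_value' => 'PHPSESSID'],
];
print_r(find_exposed_secrets($sample));

// Live check for the SAPI this script runs under.
foreach (find_exposed_secrets(ini_get_all(null, true)) as $name => $masked) {
    echo "$name = $masked (visible in phpinfo())\n";
}
```

Run it under the same SAPI and configuration as the application, since per-directory values can differ between the CLI and the web server.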