I have a freelancer working on a program for me.
I gave him access to the theme folder via FTP. He uploaded phpMiniAdmin to that folder and, somehow, obtained the database credentials, which he then used to sign in.
How did he manage to obtain those credentials? Is there a vulnerability that can be used once you can upload files to the server?
I have a freelancer working on a program for me.
I gave him access to the theme folder via FTP. He uploaded phpMiniAdmin to that folder and, somehow, obtained the database credentials, which he then used to sign in.
How did he manage to obtain those credentials? Is there a vulnerability that can be used once you can upload files to the server?
Share Improve this question edited Dec 31, 2018 at 2:39 That Brazilian Guy 1,2413 gold badges19 silver badges43 bronze badges asked Dec 30, 2018 at 14:34 Dan W.Dan W. 234 bronze badges 02 Answers
Reset to default 7All he needed to do is to put this PHP code in any template file and run it:
var_dump(DB_NAME, DB_USER, DB_PASSWORD, DB_HOST);
One line and it will print all the DB credentials.
As you can see - no vulnerabilities are needed.
All PHP code has access to these credentials. And it has to - otherwise it wouldn’t be able to access DB...
If they can upload files then they can upload a php file that can read the database credentials from wp-config.php. Having upload access to the server can let you do almost anything. Don't give that access to people you don't trust. There's no vulnerability here, you just gave them the keys.