Date: 14 Dec 2007 08:42:16 -0000
From: arsalan1991@gmail.com
To: bugtraq@securityfocus.com
Subject: PHP MySQL Banner Exchange 2.2.1 remote mysql database bug
Discovered by Arsalan kashan
email=arsalan1991@gmail.com
portal=PHP MySQL Banner Exchange
download=http://sourceforge.net/projects/banex
version=2.2.1
bug:
It stores the MySQL database settings in a .inc file, which you can easily read as an anonymous user:
/script_path/inc/lib.inc
Then you can connect to the MySQL database.
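
A defender-side check for the condition described above, as an added example that is not part of the original advisory or the project's code: it walks a document root and reports files that the web server would return as plain text (anything not handled by PHP) and that look like they hold database settings. The sample tree, the variable names in it, the executed-extension set and the matching patterns are constructed assumptions.

```python
import os
import re
import tempfile

# Assumption: only .php is mapped to the PHP handler; every other file under
# the document root is returned to the client verbatim.
EXECUTED_EXTENSIONS = {".php"}

# Heuristic patterns for database settings (assumed for this example).
CREDENTIAL_PATTERNS = re.compile(
    r"mysql_connect\s*\(|\$\w*(pass|pwd|dbuser|dbhost)\w*\s*=", re.IGNORECASE
)

def find_exposed_settings(docroot):
    """Return sorted relative paths of non-executed files holding DB settings."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXECUTED_EXTENSIONS:
                continue  # source is executed, not sent to the client
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="replace") as fh:
                    text = fh.read(65536)
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if CREDENTIAL_PATTERNS.search(text):
                hits.append(os.path.relpath(path, docroot).replace(os.sep, "/"))
    return sorted(hits)

def build_sample_docroot():
    """Constructed sample tree using the inc/lib.inc layout from the advisory."""
    root = tempfile.mkdtemp(prefix="docroot_")
    os.makedirs(os.path.join(root, "inc"))
    samples = {
        "inc/lib.inc": '<?php $dbhost="localhost"; $dbpass="example-only"; ?>',
        "inc/lib.php": '<?php $dbpass="example-only"; ?>',
        "index.php": "<?php include 'inc/lib.inc'; ?>",
        "readme.txt": "Banner exchange install notes",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for rel in find_exposed_settings(build_sample_docroot()):
        print("served as plain text, contains DB settings:", rel)
```

Any path it reports should be moved outside the document root, renamed to an extension the PHP handler executes, or blocked in the web server configuration.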