Google Web Service Vulnerability leaks Database Username and Password
A vulnerability in google has been released on http://www.0x000000.com/index.php.
"A large hole has been found inside Google's service: "the removal of websites tool" Earlofgrey reported about it today. There was not much info available, so I decided to check it out myself before it is plugged. Apparently it is a simple directory that wasn't protected, so we can traverse up their directory root and browse folders. A study gave me the impression this hole is unique, legit and not a honey pot. Now it can happen the best of the best that a directory becomes readable. But, one must never, ever, not in a million years, store your database connection info in a folder that can be viewed remotely. Like the www folder."
Quoting the author
"I found the following information in the folders:
# Database stuff
DBDriver = org.gjt.mm.mysql.Driver
DBUrl = jdbc:mysql://localhost/dbRemoveUrl
DBLogin = root
# put password in before the push
DBPassword = k00k00 "
If this is true today is going to suck for someone...
Comments
All Comments are Moderated and will be delayed!
Post a comment
Verify your Comment
Previewing your Comment
Posted by: |
This is only a preview. Your comment has not yet been posted.
The letters and numbers you entered did not match the image. Please try again.
As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.
Having trouble reading this image? View an alternate.