Saturday, 25 August 2012

[EN] phpBB 3.0.10 with 'stopped MySQL' funny one

Hi ;]

Check it out: when You ('for example') have some 'troubles'* with Your database,
then 'me as a pentester' can get some 'useful' information, when You also have phpBB installed. The idea is crazy but... it's just a talk, so ... ;)

Anyway, looks like this:

... and we can do it like that:

Two (paranoid;)) scenarios:
- first: Your database (port) is ddosed/maybe crashed by some 'time limit'/too-many-connections-from-webapp situations, and so on...
- second: database stopped in this or other way.

...and now: "plus" 'all above', if You have installed (default) phpBB 3.0.10,
You can get this information: "this maybe is default installed 'all'-server-soft"...

:) So, like I said, this 'could be' valuable information for tester, because now
he/she can 'hit' other "defaults", for example, with DirBuster, nmap, and so on.

How to repair that? Maybe a quick fix would be to remove the line that 'adds'
where the .sock file is?
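
One way to apply that quick fix, as an added example (this is not phpBB's code; the function names are hypothetical and the sample message is constructed): the full driver error goes to the server log, the visitor sees a generic notice, and a redaction pass strips filesystem paths from any driver text that still reaches a page.

```php
<?php
// Added example, not phpBB code. public_db_error() and redact_db_error()
// are hypothetical helper names.

/**
 * Primary fix: never echo driver text. Log the raw error server-side and
 * return a generic notice with a short reference id for support requests.
 */
function public_db_error(string $raw): string
{
    $ref = bin2hex(random_bytes(4));      // ties the page to the log entry
    error_log("[db-error $ref] $raw");    // full detail stays on the server
    return "The board is temporarily unavailable (ref $ref).";
}

/**
 * Second line of defence for code paths that still print driver messages:
 * remove absolute filesystem paths such as the MySQL socket location.
 */
function redact_db_error(string $raw): string
{
    $patterns = [
        // quoted path, e.g. '/var/run/mysqld/mysqld.sock'
        "~'(/[^']*)'~" => "'[path removed]'",
        // unquoted absolute path with at least two components
        '~(?<![\w.])/(?:[\w.-]+/)+[\w.-]+~' => '[path removed]',
    ];
    return preg_replace(array_keys($patterns), array_values($patterns), $raw);
}

// Constructed sample: the client error (2002) returned when the local
// MySQL server is stopped and the socket file cannot be reached.
$sample = "Can't connect to local MySQL server through socket "
        . "'/var/run/mysqld/mysqld.sock' (2)";

// Redacted form keeps the reason but drops the server layout hint.
echo redact_db_error($sample), PHP_EOL;

// What the visitor should actually see.
echo public_db_error($sample), PHP_EOL;
```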

Let me know what You think :)

Enjoy Your weekend!
