Get Database Credentials from within the themes file

I have a freelancer working on a program for me.

I gave him access to the theme folder via FTP. He uploaded phpMiniAdmin to that folder and, somehow, obtained the database credentials, which he then used to sign in.

How did he manage to obtain those credentials? Is there a vulnerability that can be used once you can upload files to the server?

2 Answers

All he needed to do was put this PHP code in any template file and run it:

var_dump(DB_NAME, DB_USER, DB_PASSWORD, DB_HOST);

One line and it will print all the DB credentials.

As you can see – no vulnerabilities are needed.

All PHP code has access to these credentials. And it has to – otherwise it wouldn’t be able to access the DB…
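Because any PHP file in the theme folder can read these constants, a periodic review of that folder is a practical check; the script below is an added example, not part of the answer above, that flags theme files referencing the credential constants or carrying the name of the database tool mentioned in the question. The function names, the extension list and the sample tree are assumptions made for illustration, and matching is on plain text, so a constant name built by string concatenation would not be caught.

```python
import re
import tempfile
from pathlib import Path

# The four constants wp-config.php defines and the answer's one-liner dumps.
CRED_CONSTANTS = re.compile(r"\b(DB_NAME|DB_USER|DB_PASSWORD|DB_HOST)\b")
# Marker for the database tool named in the question (assumed to appear in
# the file name or source text; a renamed, stripped copy would not match).
DB_TOOL = re.compile(r"phpminiadmin", re.IGNORECASE)
PHP_EXT = {".php", ".phtml", ".inc"}  # assumed set of PHP-executed extensions


def scan_theme_dir(root):
    """Return {relative_path: sorted findings} for PHP files under root."""
    findings = {}
    root = Path(root)
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in PHP_EXT:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        hits = set(CRED_CONSTANTS.findall(text))
        if DB_TOOL.search(path.name) or DB_TOOL.search(text):
            hits.add("db-admin-tool")
        if hits:
            findings[path.relative_to(root).as_posix()] = sorted(hits)
    return findings


def build_sample_theme(root):
    """Constructed sample tree: one clean template, two files to review."""
    root = Path(root)
    (root / "inc").mkdir(parents=True)
    (root / "index.php").write_text("<?php get_header(); the_content();")
    (root / "footer.php").write_text(
        "<?php var_dump(DB_NAME, DB_USER, DB_PASSWORD, DB_HOST);")
    (root / "inc" / "phpminiadmin.php").write_text(
        "<?php // constructed placeholder body")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, hits in scan_theme_dir(build_sample_theme(tmp)).items():
            print(f"{rel}: {', '.join(hits)}")
```

A hit is a prompt for manual review rather than proof of misuse, since a theme has no ordinary reason to name these constants but nothing stops it from doing so.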
