uploads - Get Database Credentials from within the themes file

admin, 2025-06-05

I have a freelancer working on a program for me.

I gave him access to the theme folder via FTP. He uploaded phpMiniAdmin to that folder and, somehow, obtained the database credentials, which he then used to sign in.

How did he manage to obtain those credentials? Is there a vulnerability that can be used once you can upload files to the server?

asked Dec 30, 2018 at 14:34 by Dan W.; edited Dec 31, 2018 at 2:39 by That Brazilian Guy

2 Answers

All he needed to do is to put this PHP code in any template file and run it:

var_dump(DB_NAME, DB_USER, DB_PASSWORD, DB_HOST);

One line and it will print all the DB credentials.

As you can see - no vulnerabilities are needed.

All PHP code has access to these credentials. And it has to - otherwise it wouldn’t be able to access DB...

If they can upload files then they can upload a PHP file that can read the database credentials from wp-config.php. Having upload access to the server can let you do almost anything. Don't give that access to people you don't trust. There's no vulnerability here, you just gave them the keys.
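For the site owner's side of this, the following is an added example (not code from the question or either answer) of reviewing a theme folder after someone else has had upload access: it compares the folder against a hash snapshot taken beforehand and marks changed PHP files that name the `wp-config.php` constants. The function names `snapshot`, `review` and `demo` and the sample theme files are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Names from the answers above: the wp-config.php constants and the file itself.
CRED_RE = re.compile(rb"\b(?:DB_NAME|DB_USER|DB_PASSWORD|DB_HOST)\b|wp-config\.php")
PHP_EXT = {".php", ".phtml", ".inc"}

def snapshot(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def review(root, baseline):
    """List (path, status, matched names) for files changed since baseline."""
    root, current, findings = Path(root), snapshot(root), []
    for rel, digest in current.items():
        if baseline.get(rel) == digest:
            continue  # unchanged since the snapshot
        status = "modified" if rel in baseline else "added"
        hits = []
        if Path(rel).suffix.lower() in PHP_EXT:
            data = (root / rel).read_bytes()
            hits = sorted({m.group(0).decode() for m in CRED_RE.finditer(data)})
        findings.append((rel, status, hits))
    findings += [(rel, "removed", []) for rel in baseline if rel not in current]
    return findings

def demo():
    """Constructed theme folder: snapshot, simulate uploads, then review."""
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp)
        (theme / "header.php").write_text("<?php wp_head(); ?>\n")
        (theme / "style.css").write_text("body { margin: 0 }\n")
        base = snapshot(theme)  # taken before FTP access is handed out
        # Constructed changes; header.php gets the one-liner quoted in the answer.
        (theme / "header.php").write_text(
            "<?php var_dump(DB_NAME, DB_USER, DB_PASSWORD, DB_HOST); wp_head(); ?>\n")
        (theme / "tool.php").write_text("<?php /* stand-in for an uploaded tool */\n")
        return review(theme, base)

if __name__ == "__main__":
    for rel, status, hits in demo():
        print(f"{status:9} {rel:12} {', '.join(hits) or '-'}")
```

An empty match list does not clear a file: any PHP in the folder runs with the same access to the credentials, so every added or modified file needs reading, and the database password should be changed once the access ends.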

When reposting, please cite the original address: http://conceptsofalgorithm.com/Algorithm/1749057166a315989.html