Skip to main content

[FIX] Opencart leak of database information on database connection error

Opencart have a serious leak of database informations when there's a database connection error.

The fix/workaround can be downloaded here


Is it a problem?

With a simple script I got ~800.000 results and I've been able to scrap more than ~30.000 (in hours due to google limitations) and dumped more than 500 complete databases (those without restrictions from remote connections).
From accessing the db several things can be done, even writing files, replacing informations (ex. malicious scripts, the paypal account, etc), getting more rights, etc.

I just proved that it can be done and nothing else.

 ----------------------------

 
You can add the domain TLD to have more results from google. I even found some important websites.
 

something like that

https://www.google.com/search?q=system\library\db.php(31):+DB\MySQLi->__construct(


I took the first results from my search (and replaced the passwords):

berardomacchine.com

'89.46.111.189', 'Sql1428497', '####',...

 

sabrytendedasole.com

 /home/lzvmcffn/public_html

'localhost', 'lzvmcffn_opencv...',  '####', ...

 

  moves-consulting.com

/users/auraqt/movesconsulting/shop/

'sql616.your-ser...', 'mconsulting',  '####', ...




NOTE: I didn't (mis)use any information. The current post is meant to understand the problem and to give you a simple solution. I'm not interested in other people data and I wouldn't use it even if I possibly have interests in it.

Comments

Post a Comment

Popular posts from this blog

Hashes Algorithms used in different web applications

Hashes Algorithms used in different web applications. I've done this list by hand. Not all the hashes algos are correct (I've generically added md5 or ??? where is unkwnown). If you are interested send corrections and I will update it. I will publish also a better version with tabs. You can reproduce it without problems. It's part of the project mdcrack gui on sourceforge. Use the | as data separator. ----------------------------------------------------------------------------------------------------------------------------------------------------- | Title | Hash Algorithm | TablePrefix | Table Name | Website | ----------------------------------------------------------------------------------------------------------------------------------------------------- | 1C Битрикс | md5($pass) | | |http://www.1c-bitrix.ru/ | 1024cms | md5($pass) | | |http://www.1024cms.org/ | 4images | md5($pass) | | |http://ww...
Post a Comment
Read more

2022 - Remove (the too many) Ads from Memu launcher

Simple method Download from pureapk "MEmu Launcher2" ex: MEmu Launcher2_v6.0.9_apkpure.com Install "System app remover" (root) remove from system apps the "memu launcher 2" import the "purified" MEmu Launcher2 apk with the Memu utility ("apk" on the right toolbar) Longer method Install "Export Apk" Export the memu launcher2  Install purify https://github.com/echo-devim/purify/raw/master/Purify.apk use purify with the exported memu launcher 2 Install "System app remover" (root) remove from system apps the "memu launcher 2" import the "purified" MEmu Launcher2 apk with the Memu utility ("apk" on the right toolbar)      
Post a Comment
Read more

[FIX] cyberpunk skip dialogue disappeared - pc Y button

  open C:\Games\Cyberpunk 2077\r6\config\inputUserMappings.xml with a text editor (ex. notepad++)   find   <mapping name="SceneFastForward_Button" type="Button" > ... </mapping> example (my non working settings)     <mapping name="SceneFastForward_Button" type="Button" >         <button id="IK_Pad_DigitLeft" />         <button id="IK_Y" overridableUI="fastForward" />     </mapping> and REPLACE it with the following:     <mapping name="SceneFastForward_Button" type="Button" >         <button id="IK_Pad_B_CIRCLE" />         <button id="IK_C" overridableUI="fastForward"/>     </mapping> thanks to the vanilla xml files on nexus mods as the original source.
Post a Comment
Read more