Finding database passwords in PHP code?
Patton Echols
p.echols at comcast.net
Fri Jan 20 23:06:57 UTC 2012
On 01/20/2012 11:26 AM, Hal Burgiss wrote:
> No, it's totally up to the developer. I've been where you are a number
> of times. Here is what I do:
>
> grep for the database server. Find out what the server name is, and do
> a recursive grep for that. That should find the file(s) with the db
> login stuff. Then you can look through that file.
>
> $ grep -r $servername *
>
>
Do you mean the database name? There are an awful lot of files that
reference the server.
What I ended up with after several tries was
$ grep -r DB_PASS * | grep define
That gave me a few lines that look like they contain the actual
passwords. Late this evening I can test them using phpmyadmin from the
web host's control panel.
Thanks again,
>
> On Fri, Jan 20, 2012 at 12:57 PM, Patton Echols <p.echols at comcast.net> wrote:
>
> On Fri, Jan 20, 2012 at 11:34 AM, Patton Echols <p.echols at comcast.net> wrote:
>
> First question:
>
> If I download the PHP for the website, what would I search for in order to
> find the passwords?
> (would that work?)
>
>
> On 01/20/2012 09:39 AM, Jeffrey Gray wrote:
>
> I have always seen the login info stored in a separate file on the web
> server but within the web domain's location on the server... In other
> words, the password is not stored in the served php file but is
> called from another file that SHOULD have permissions set to 600.
>
> -Jeff Gray
>
>
> Thanks, Rather than examine manually, is there particular PHP
> syntax for Passwords I can search for?
>
> --
> Hal
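
An added example, not part of the original thread: it combines the `DB_PASS`/`define` search from the reply above with the 600-permission advice quoted from Jeff, listing each PHP file that defines such a constant together with its mode, without printing the password. The function name `audit_db_creds`, the `NOT-600` label and the regex are assumptions for illustration; GNU grep and GNU stat (as shipped on Ubuntu) are assumed.

```shell
#!/bin/sh
# Added example (not from the thread): list PHP files that define a DB_PASS*
# constant and compare each file's mode with the 600 recommended in the thread.
# Output lines: "<status> <mode> <path>". The password value is never printed.
# Usage: source this file, then run: audit_db_creds /path/to/site

audit_db_creds() {
    root=${1:-.}
    # -r  recurse into the tree
    # -l  print file names only, so secrets stay out of the output
    # -E  extended regex: define( 'DB_PASS...  or  define("DB_PASS...
    # --include limits the search to PHP sources
    grep -rlE --include='*.php' \
        "define[[:space:]]*\\([[:space:]]*['\"]DB_PASS" "$root" |
    while IFS= read -r file; do
        mode=$(stat -c '%a' "$file")   # octal permission bits, e.g. 644
        if [ "$mode" = "600" ]; then
            status=OK
        else
            status=NOT-600
        fi
        printf '%s %s %s\n' "$status" "$mode" "$file"
    done
}
```

Matching on the `define(` call rather than the bare string skips files that only mention the constant, which is what the second `grep define` in the reply achieves.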