Shared servers
Posted by Ryan Cullen | Posted in Web Design | Posted on 10th November 2007
Tags: dataflame, hacking, mysql, php
0
There is a problem having your website hosted on a shared server, which is that you really need to trust your webhost. So I was rather shocked today when installing phpMyAdmin that without configuring the config.inc.php file I was able to login to the mySQL database.
Not only that but I could see the names of every table on my server. Now this has happened before, but any attempts to view these tables resulted in errors, but this time I was able to view any table, read all the content and even edit a random persons blog post (don’t worry, I undid the changes).
Of any security issue this was a big one, I could have gained access to a large number of wordpress blogs, and if I looked I’m sure I could have found a forum with usernames, emails and md5 hashes of passwords.
However I’m not out for “hacking”, so I contacted my webhost and shortly after as password was added to the mysql root.