Re: Walking around amsterdam

Archive of UserLand's first discussion group, started October 5, 1998.

Re: Walking around amsterdam

Author: Eric Soroos

Posted: 5/16/2000; 8:41:11 AM

Topic: Walking around amsterdam

Msg #: 17340 (In response to 17335)

Prev/Next: 17339 / 17341

I got the impression that BugZilla was using MySQL was running with *its* root account, not that MySQL was running-as-the-server-root.
From http://www.dataloss.net/papers/how.defaced.apache.org.txt
/*
 * Mysql
 */
After a long search we found out that mysql was
running as user root and was reachable locally. Because apache.org was
running bugzilla which requires a mysql account and has it
username/password plaintext in the bugzilla source it was easy to
get a username/passwd for the mysql database.
eric

This page was archived on 6/13/2001; 4:55:12 PM.

© Copyright 1998-2001 UserLand Software, Inc.

Author:	Eric Soroos
Posted:	5/16/2000; 8:41:11 AM
Topic:	Walking around amsterdam
Msg #:	17340 (In response to 17335)
Prev/Next:	17339 / 17341