The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

All MySQL Databases on our server can be viewed by any user.

Discussion in 'General Discussion' started by neonix, Aug 26, 2005.

  1. neonix

    neonix Well-Known Member

    Joined:
    Oct 21, 2004
    Messages:
    124
    Likes Received:
    2
    Trophy Points:
    0
    I upgraded cpanel to the latest release 10.6.0-RELEASE 55 and noticed that a user could see all the databases on the server through PHPMyadmin.

    Also, this php script enabled me to connect to any database on the server from a normal user account i.e without root permissions. Here is the little code that is used to get the list of all DBs on the server. Ideally, MySQL should restrict it to the DB's on that particular domain.

    $link = mysql_connect('localhost', 'db_user', '');
    $db_list = mysql_list_dbs($link);

    while ($row = mysql_fetch_object($db_list)) {
    echo $row->Database . "n<br>";
    }


    Please note that it shows al the databases and connects to the database but does not allow database operations such as SELECT, UPDATE...

    I have upgraded apache and PHPMyAdmin no longer shows all the databases. But the php script still shows them..

    This has happened after I upgraded cPanel and since I use this PHP script on a daily basis I am sure that this problem did not exist before.

    I tried mysql_fix_privilege_tables command but it did not work.

    MySQL version is 4.0.25 / Red Hat Enterprise


    What do I do now? Please advise.
     
  2. Mike2Own

    Mike2Own Active Member

    Joined:
    Apr 1, 2004
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    1
    same problem... same cpanel release version too
     
  3. Marty

    Marty Well-Known Member

    Joined:
    Oct 10, 2001
    Messages:
    630
    Likes Received:
    1
    Trophy Points:
    18
Loading...

Share This Page