PHP Flaw Enables Password Theft

December 20, 2004 — (WEB HOST INDUSTRY REVIEW) — According to a report by research and analysis firm Netcraft (netcraft.com), a published vulnerability shows how to use newly discovered security holes in PHP, an open-source server-side scripting language, to steal database passwords from the phpBB bulletin board program. The flaw was published on the BugTraq mailing list and several other Web sites, the report said.

PHP is used to power Web applications that connect with databases such as MySQL and is commonly bundled with shared hosting accounts. Netcraft says an attacker can exploit the flaw to retrieve the username and password of an application’s MySQL database. According to Netcraft, the flaw is a strong incentive for Web hosting companies to upgrade to new versions of PHP.

The PHP bulletin board development team has notified users of the vulnerability and has urged users and hosting providers to upgrade, the report said. The phpBB bulletin board, one of the most popular on the Internet, has more than 156,000 users.

The PHP project site (php.net) also issued warnings and has reportedly released fixed versions 4.3.10 and 5.0.3.

theWHIR.com