
for PHP/MySQL experts
aalkeilani 11-01-2004, 11:37 PM Aight I have a quick question:
Would it be possible to write a PHP script that connects to a mySQL database which is located on another server/hostname? If yes, can anyone possibly post a sample script? Thanks! =)
jasong 11-02-2004, 12:26 AM
$hst="192.293.279.222"; /// the ip of the server
$usr="web";
$psswrd="******";
$dtbse="test";
$connex=mysql_connect($hst,$usr,$psswrd);
$db=mysql_select_db($dtbse,$connex);
I think that is how you would do it (never done it before though)
The server has to be configured to allow others to come in though.
willmoss 11-02-2004, 02:21 PM Yep that should work.. just make sure that the username you are using has access to connect from another computer!
Pheaton 11-02-2004, 03:59 PM Also make sure that port 3306 (or whatever port mysql is configured to run on) is open. Generally, most firewall rules disable access to this port.
aalkeilani 11-02-2004, 04:38 PM Many thanks, I will explain what I'm trying to do but first lemme ask this. When I installed postnuke using cpanel I called the admin, ica, so the sql database was created and the username was called 'ica_pnuke1' When I go to 'MySQL Account Maintenance' in the cpanel, I'm able to see :
Connection Strings :
PHP $dbh=mysql_connect ("localhost", "ica_pnuke1", "<PASSWORD HERE>") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("ica_pnuke1");
The question is: How do I know what is the password for ica_pnuke1 and how can I change it?
Thanks!
[eXtract] William 11-02-2004, 05:45 PM
1) If you scroll down it will show a list of users on the page; just delete the user and add a new one with the same username, just a different password.
2) If you installed phpnuke with this password, look in the PHPnuke directory for config.php; if it was installed correctly it will automatically show the pass and username.
aalkeilani 11-02-2004, 10:15 PM Cool! Yep that helped. Thanks..
I was thinking I can access another postnuke website database from my php files located in my server by tweaking some code.. just for fun. I thought I can just guess the username and password, because as I said, in creating the username it follows a pattern:
NAME_pnuke1
but I thought there is a default password or similar password generation but it turned out that I'm wrong..
then I wonder how do hackers hack into a database? umm interesting.
Burhan 11-03-2004, 03:06 AM Originally posted by aalkeilani
then I wonder how do hackers hack into a database? umm interesting.
They use SQL injection attacks.
aalkeilani 11-03-2004, 12:26 PM SQL injection attacks? How does that work? Thanks
gogocode 11-03-2004, 03:16 PM Originally posted by aalkeilani
SQL injection attacks? How does that work? Thanks
Easiest to demonstrate...
Joe Bad Programmer wants to make a search system for his database, he has the following HTML...
<form action="search.php" METHOD="POST">
<input type="text" name="FooSearch" /> <input type="submit" />
</form>
in search.php he has something like...
$results = mysql_query("SELECT * FROM FooTable WHERE FooCol = '{$_POST['FooSearch']}'");
And it all works nicely, until one day, Jane Malcontent comes along and sees that "FooSearch" in the form looks like it might be being passed straight into the database unchecked. So she puts the following in the form -
'; drop table FooTable;
Uh oh, can you see what will happen when Jane submits the form to search.php? Let me illustrate...
$results = mysql_query("SELECT * FROM FooTable WHERE FooCol = '{$_POST['FooSearch']}'");
becomes
$results = mysql_query("SELECT * FROM FooTable WHERE FooCol = ''; drop table FooTable;");
aalkeilani 11-03-2004, 03:59 PM Because PHP is server-side, I wonder how Jane Malcontent could see what is in search.php?
$results = mysql_query("SELECT * FROM FooTable WHERE FooCol = '{$_POST['FooSearch']}'");
kneuf 11-03-2004, 04:15 PM It's mostly just pick and guess. Do a search on Google on SQL-injection and you will find all the information you will ever need ;) And always go by this: NEVER, EVER trust the user's input, there will always be Joe Cool trying to show his buds he can hack into a site....
aalkeilani 11-03-2004, 04:30 PM Yep, the information posted in here and the articles I found by searching Google were helpful to understand injection, but I still don't understand how the user can see the code in a php file and, based on it, submit some dangerous input..
Burhan 11-04-2004, 02:31 AM You can avoid SQL injection attacks by following a few common sense rules :
1. Don't give the "web" database user drop privileges
2. Use functions such as mysql_escape_string()
3. Don't put your database connection information in a web-accessible directory (you can, in fact, set it in .htaccess or even the php.ini file)
4. Verify the source of your query (by using sessions, cookies, etc. -- don't trust HTTP_REFERER)
foogee 11-04-2004, 12:47 PM Originally posted by aalkeilani
... but I still don't understand how the user can see the code in a php file and based on it, submit some dangerous input..
They can't ... they use intelligent guesses as to what is likely to be in the php code.
For the most part, hacking like this is a numbers game. The more sites you try the sooner you'll come across one that isn't secure.
foogee
aalkeilani 11-04-2004, 02:50 PM That is what I thought! Although I read somewhere that you can browse a .php file using telnet?
Originally posted by foogee
They can't ... they use intelligent guesses as to what is likely to be in the php code.
For the most part, hacking like this is a numbers game. The more sites you try the sooner you'll come across one that isn't secure.
foogee
gogocode 11-05-2004, 12:44 PM Originally posted by aalkeilani
Yep, the information posted in here and the articles I found by searching Google were helpful to understand injection, but I still don't understand how the user can see the code in a php file and, based on it, submit some dangerous input..
Educated guesses by looking at the URLs and forms used on the site, and examining common open source systems to find open injection sites (which can then be exploited on any sites using that same software - this is why things like phpNuke etc are often vulnerable).
Some sites may expose otherwise unavailable information in error messages, for example they might expose the full text of a select statement if you enter data such that it causes an error, and of course in the select statement will be one or more tablenames in plain sight.
In general, never trust data from the user, you must always ensure that it is (at least converted to) the correct type, and in the case of strings, correctly escaped, before feeding it into SQL.
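The type checking, string handling and error-message points from the post above, as an added example that is not part of any post in this thread. It uses PDO prepared statements rather than the mysql_* functions shown earlier, with an in-memory SQLite table (requires the pdo_sqlite extension) standing in for FooTable; the function names and sample rows are constructed for illustration.

```php
<?php
// Added example. A constructed in-memory SQLite table stands in for FooTable.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE FooTable (id INTEGER PRIMARY KEY, FooCol TEXT)");
$pdo->exec("INSERT INTO FooTable (FooCol) VALUES ('apple'), ('pear')");

// Vulnerable pattern from the thread: input is pasted into the SQL text.
// This only builds the string, to show what the database would be handed.
function build_unsafe_query(string $input): string {
    return "SELECT * FROM FooTable WHERE FooCol = '{$input}'";
}

// Hardened: the SQL text is fixed and the input is sent as a bound value,
// so quotes and semicolons in it are compared as data, never parsed as SQL.
function search_by_col(PDO $pdo, string $input): array {
    $stmt = $pdo->prepare('SELECT id, FooCol FROM FooTable WHERE FooCol = :v');
    $stmt->execute([':v' => $input]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Numeric input: check the type first, then bind it as an integer.
function search_by_id(PDO $pdo, $raw): array {
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];  // anything that is not a plain integer is rejected
    }
    $stmt = $pdo->prepare('SELECT id, FooCol FROM FooTable WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Errors are logged server-side; the visitor never sees the SQL text.
function handle_search(PDO $pdo, string $input): array {
    try {
        return ['rows' => search_by_col($pdo, $input)];
    } catch (PDOException $e) {
        error_log('search failed: ' . $e->getMessage());
        return ['error' => 'Search is temporarily unavailable.'];
    }
}

$input = "'; drop table FooTable;";        // the form input from the thread
echo build_unsafe_query($input), "\n";      // the quote closes the literal early
var_dump(handle_search($pdo, $input));      // bound value: treated as plain text
var_dump(handle_search($pdo, 'apple'));     // normal search still works
var_dump(search_by_id($pdo, '1 OR 1=1'));   // fails integer validation
echo $pdo->query('SELECT COUNT(*) FROM FooTable')->fetchColumn(), "\n";
```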
Burhan 11-06-2004, 02:38 AM Originally posted by aalkeilani
That is what I thought! Although I read somewhere that you can browse a .php file using telnet?
If your server has a telnet server running, then you have bigger problems than PHP.
If you send a request to a webserver that is properly configured for PHP, then there is very little chance of getting the source of the PHP file, you will most likely get the output (even if you directly telnet to port 80 on the webserver).
aalkeilani 11-06-2004, 06:06 PM So there is no way of getting the actual php source instead of the output?
gogocode 11-07-2004, 07:47 AM Originally posted by aalkeilani
So there is no way of getting the actual php source instead of the output?
Not directly through PHP from the outside (at least it has no known vulnerabilities of this type), but your webserver could be configured to do so (it would be silly, but I've seen it before), or somebody else on your shared server could trivially get access to the source code just by scanning through the home directories, or perhaps the server is otherwise compromised, or....
there are always possibilities.
brianoz 11-07-2004, 08:59 AM In general the PHP source is completely safe as Apache hides it, unless the webserver is misconfigured. But, if you can it's always smart to keep as much privileged information as possible (eg passwords etc) out of the public web hierarchy, that way it becomes a lot harder for them to get at it.