CarbonHire.com – DB Details

carbonhire.com

2 points by it200219 12 years ago · 1 comment · 1 min read

They sent me an email. I don't know, even the unsubscribe page is not working. To my surprise, I can see all the DB details over here. Tears in my eyes on seeing these details are exposed to the public.

<code>
<?php

define('CRONJOB', TRUE);
include("index.php");

$email = isset($_GET['email']) ? $_GET['email'] : "";
$hash = md5("carbon".$email);
setcookie("guid", $hash, time() + (10 * 365 * 24 * 60 * 60), "/", "carbonhire.com");
//print_r($_COOKIE);
header("Location: http://hastrk1.com/serve?action=click&publisher_id=59998&site_id=47256&offer_id=274954", true, 302);

$link = mysql_connect('geniushire-real-1.cbuqrrbjabbr.us-east-1.rds.amazonaws.com', 'geniushire', ';kcvGayqe05t4!?');
if (!$link) {
    die('Could not connect: ' . mysql_error());
}

mysql_select_db("geniushire_real_new", $link) or die('Could not select database.');
$sql = "UPDATE gh_central SET cookie_id = '".$hash."' WHERE email = '".$email."'";
if($email != ""){
    $sql = "UPDATE gh_central SET cookie_id = '".$hash."' WHERE email = '".$email."'";
    $r = mysql_query($sql);
}
?>
</code>
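For contrast with the snippet in the post, here is a hardened sketch of the same handler, added as an example and not code from the poster or from the site. It keeps credentials out of the file (so a server that returns the source instead of executing it discloses no secret), binds the address as a query parameter, and derives the cookie value with a keyed HMAC. The environment variable names and function names are assumptions, the table and column names come from the posted code, and the tracking redirect is left out.

```php
<?php
declare(strict_types=1);
// Added example. Assumed env vars: DB_DSN, DB_USER, DB_PASS, GUID_HMAC_KEY.
// Table and column names (gh_central, cookie_id, email) are from the posted snippet.
function requireEnv(string $name): string
{
    $value = getenv($name);
    if ($value === false || $value === '') {
        throw new RuntimeException("Missing environment variable: $name");
    }
    return $value;
}

function guidFor(string $email, string $key): string
{
    // Keyed HMAC instead of md5("carbon" . $email): the value cannot be
    // recomputed by someone who knows only the address.
    return hash_hmac('sha256', $email, $key);
}

function storeGuid(PDO $db, string $email, string $guid): int
{
    // Bound parameters keep the request value out of the SQL text.
    $stmt = $db->prepare('UPDATE gh_central SET cookie_id = :guid WHERE email = :email');
    $stmt->execute([':guid' => $guid, ':email' => $email]);
    return $stmt->rowCount();
}

function handle(array $query): void
{
    $email = filter_var($query['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        http_response_code(400);
        return;
    }
    try {
        $options = [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false];
        $db = new PDO(requireEnv('DB_DSN'), requireEnv('DB_USER'), requireEnv('DB_PASS'), $options);
        $guid = guidFor($email, requireEnv('GUID_HMAC_KEY'));
        storeGuid($db, $email, $guid);
    } catch (Throwable $e) {
        error_log('unsubscribe: ' . $e->getMessage()); // log server-side, never echo
        http_response_code(500);
        return;
    }
    setcookie('guid', $guid, ['expires' => time() + 10 * 365 * 24 * 60 * 60, 'path' => '/',
        'domain' => 'carbonhire.com', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}

if (PHP_SAPI !== 'cli') { handle($_GET); }
```

Any credential that has appeared in a publicly readable file needs to be rotated as well; moving it to the environment does not make the old value safe again.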
