Saturday, 21 March 2015

Server Files Got Exposed, What Security Steps Should I Take?



So I made a script that would accept a GET request through a script on my page, download the URL in the GET, and then echo the response.


Sort of like an in-browser proxy.


Basically someone found out you could grab my local files and display the contents with that script. Using file:


He got my file:///etc/passwd and more.


What else he could have gotten I am not sure.


Should I be worried?


What steps should I take?


I had some scripts that had MySQL passwords in them. Should I change these passwords? I am not sure he got to them.


I also had phpMyAdmin. Is it possible he could have gotten my phpMyAdmin password?


I use this password for a lot of things, so let me know if it could have been exposed.


Thank you for the fast help!


Script:



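<?php

// The URL is taken straight from the query string with no validation.
$url = $_GET['url'];

$ch=curl_init();
// curl accepts any scheme it supports here, including file://,
// which is how local files such as /etc/passwd were returned.
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_TIMEOUT, 7);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$results = curl_exec($ch);
curl_close($ch);
// The fetched content is echoed back to the requester unchanged.
echo $results;
?>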
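
A hardened form of the script above, added here as an example and not part of the original post: it accepts only http/https URLs, refuses hosts that resolve to private or reserved addresses, and pins curl to the address that was checked. The function name `fetch_remote` and the sample URLs are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code; fetch_remote() is a hypothetical name.
// Returns the response body, or null when the URL is refused or the fetch fails.
function fetch_remote(string $url): ?string
{
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null; // file:// and every other non-web scheme stops here
    }
    $host = $parts['host'];
    // Resolve once, refuse private/loopback/reserved results, then pin curl to that address.
    $ip = filter_var($host, FILTER_VALIDATE_IP) ? $host : gethostbyname($host);
    if (!filter_var($ip, FILTER_VALIDATE_IP,
            FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
        return null;
    }
    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);
    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_URL             => $url,
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION  => false, // a redirect could point back inside
        CURLOPT_RESOLVE         => ["$host:$port:$ip"],
        CURLOPT_TIMEOUT         => 7,
        CURLOPT_RETURNTRANSFER  => true,
    ]);
    $body = curl_exec($ch);
    return $body === false ? null : $body;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs; each is refused before any network access.
    foreach (['file:///etc/passwd', 'http://127.0.0.1/', 'http://10.0.0.5/x'] as $u) {
        echo $u, ' => ', fetch_remote($u) === null ? 'refused' : 'fetched', PHP_EOL;
    }
} else {
    $url  = $_GET['url'] ?? '';
    $body = is_string($url) ? fetch_remote($url) : null;
    if ($body === null) {
        http_response_code(400);
        exit('URL refused');
    }
    echo $body;
}
```

Run from the command line, it reports the verdict for the three constructed URLs; served by the web server, it fetches and echoes only URLs that pass the checks.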



