Potentially dangerous

Skip to first unread message

Dirk Hoeschen

Oct 22, 2015, 3:42:41 AM10/22/15
to SQL Buddy
I use SqlBuddy from time to time to get access a website without PhpMyadmin.

Be aware that SqlBuddy might be dangerous.
So you should remove the folder after usage.

Example: SqlBuddy stores export-files in a /exports folder. The default filename is export.sql. 
But even if you don't use the default name (90% will!) this directory is browsable in
some environments.

Dirk Hoeschen

Oct 22, 2015, 3:51:18 AM10/22/15
to SQL Buddy
Please look also at the Path Vulnerability post here at the forum.
Even if you do not understand the meaning.

To translate it for people without technical background:
With sqlbuddy installed everyone can access every file on your server if he knows the path.
Reply all
Reply to author
0 new messages