All he needed to do is to put this PHP code in any template file and run it:
var_dump(DB_NAME, DB_USER, DB_PASSWORD, DB_HOST);
One line and it will print all the DB credentials.
As you can see – no vulnerabilities are needed.
All PHP code has access to these credentials. And it has to – otherwise it wouldn’t be able to access DB…
Related Posts:
- What’s the database relationship between a post and its attachments
- Upload files – total size limit – WordPress/Contact Form 7
- Importing 10 Years of Media into the WP Database
- Location of image metadata on my server
- Add pdf to a website
- How to fix Uploaded to this post option to see group of images uploaded to a post?
- Media Library doesn’t allow uploads? Upload Directory
- Uploaded images not displaying full size preview or inserting into posts
- Many images in wp-content/uploads folder that are not in Media Library
- I have uploaded thousands of files in the uploads folder via FTP and I want to register them into the database without any plugin
- What is an ORM, how does it work, and how should I use one? [closed]
- What is the difference between an ORM and an ODM?
- What is this JavaScript “require”?
- Rename a table in MySQL
- How should I tackle –secure-file-priv in MySQL?
- What is this JavaScript “require”?
- What is “Advanced” SQL?
- What’s the difference between identifying and non-identifying relationships?
- Can’t connect to MySQL server on ‘127.0.0.1’ (10061) (2003)
- Can’t connect to MySQL server on ‘127.0.0.1’ (10061) (2003)
- Can’t connect to MySQL server on ‘127.0.0.1’ (10061) (2003)
- What are the differences between B trees and B+ trees?
- MySQL SELECT increment counter
- How to resolve ORA-011033: ORACLE initialization or shutdown in progress
- Example of a strong and weak entity types
- Oracle SQL query for Date format
- phpMyAdmin – Error > Incorrect format parameter?
- Strange Characters in database text: Ã, Ã, ¢, â‚ €,
- Difference between partition key, composite key and clustering key in Cassandra?
- How SID is different from Service name in Oracle tnsnames.ora
- What is a relation in database terminology?
- Failed to connect to mysql at 127.0.0.1:3306 with user root access denied for user ‘root’@’localhost'(using password:YES)
- Database vs File system storage
- Can I have multiple primary keys in a single table?
- Exclude Statement in SQL
- How do you query for “is not null” in Mongo?
- What is a file based database?
- Is it fine to have foreign key as primary key?
- Storing Images in DB – Yea or Nay?
- Using wpdb to connect to a separate database
- how to Optimize WordPress database for 10 million post? [duplicate]
- MySQL Database User: Which Privileges are needed?
- Why is my database import losing text widget data?
- Database synchronization between dev/staging and production
- Keeping WP database synced across multiple developers using git
- WPDB Insert or if exists Update
- Multiple developers / editors working on a site in progress
- How can I make updates to a site, on a development copy, but then move updates back without overriding live site’s evolving database?
- get_results using wpdb
- Will it break my site if I delete all transient records in wp_options table?
- Checking if Database Table exists
- Why WordPress choose data serialization over json_encode?
- What’s the simplest way to backup my WordPress database?
- WordPress (MyISAM) database is slow, should I switch to InnoDB?
- $wpdb won’t insert NULL into table column
- Relaunch 4.2 utf8mb4 database upgrade
- Fastest way (least amount of steps) to locally import a remote database using WP-CLI
- Safest way to bulk delete post revisions
- Please explain how WordPress works with MySQL character set and collation at a low level
- Solution for database version control and deployment?
- The MySQL alternatives: Do Percona Server and MariaDB work well with WordPress, and do they make WordPress go better?
- How many users can WordPress handle?
- Get error messages when $wpdb->insert() returns false?
- Detecting errors generated by $wpdb->get_results()
- Staging sites, how do you manage synchronising updates in the DB?
- Does dbDelta delete columns as well?
- How to get the post publish date outside the loop?
- MariaDB as a backend database
- wpdb update add current timestamp not working
- Site stuck in “Database Update Required” loop
- How to fetch Data in WordPress using MySQLi or $wpdb
- WordPress Database lost auto increment
- Count & Display Database Queries
- Connect to database using wordpress wp-config file
- How can I make a WordPress database portable and url independent?
- Are There Any Plans for WordPress to Support Databases Other Than MySQL?
- wpdb->insert multiple record at once
- How to migrate a HTTPS WordPress installation to localhost?
- Two WordPress sites sharing the same content
- How to integrate custom database table in WordPress and using WordPress functions
- Reset Post IDs to less than 64bit integer
- WP Multisite: load content from site X on site Y
- How To Export/Import WordPress (MySQL) Database Properly Via Command-Line?
- Custom form that store input in database
- Restoring WordPress posts from database only
- What is the purpose of the option name hack_file in the options table?
- Where can I find the database changes between WordPress versions?
- Automate WordPress Database Upgrade
- Database connection close
- WordPress database error with latest WP – “WP_termmeta doesn’t exist”
- WordPress database scalability from the code perspective
- WordPress Unit Testing – Cannot Create Tables
- Using transients in conjunction with memcached
- Displaying content from one WP site on separate WP site
- Lost the `wp_options` table: what’s the best way to restore the site?
- How to define composite keys with dbDelta()
- Insert data in database using form
- Is sanitize_text_field() is enough to save to DB?
- Does wpdb add considerable overhead on queries with large result sets?
- How to stop WordPress using utf8mb4_unicode_520_ci collation?