Get Database Credentials from within the themes file

All he needed to do is to put this PHP code in any template file and run it:

var_dump(DB_NAME, DB_USER, DB_PASSWORD, DB_HOST);

One line and it will print all the DB credentials.

As you can see – no vulnerabilities are needed.

All PHP code has access to these credentials. And it has to – otherwise it wouldn’t be able to access DB…

Related Posts:

  1. What’s the database relationship between a post and its attachments
  2. Upload files – total size limit – WordPress/Contact Form 7
  3. Importing 10 Years of Media into the WP Database
  4. Location of image metadata on my server
  5. Add pdf to a website
  6. How to fix Uploaded to this post option to see group of images uploaded to a post?
  7. Media Library doesn’t allow uploads? Upload Directory
  8. Uploaded images not displaying full size preview or inserting into posts
  9. Many images in wp-content/uploads folder that are not in Media Library
  10. Checking if Database Table exists
  11. Staging sites, how do you manage synchronising updates in the DB?
  12. How to get the post publish date outside the loop?
  13. Using transients in conjunction with memcached
  14. How to define composite keys with dbDelta()
  15. Has parent field in the table wp_term_taxonomy has term_id or term_taxonomy_id
  16. Forcing nickname as display_name in custom edit profile template
  17. Syncing local content with development / staging sites
  18. Export WP database for import using WP-CLI on Vagrant Box
  19. What is the advantage of separating wp_users and wp_usermeta table?
  20. Showing content from another wordpress installation database in the page template loop?
  21. Multiple WP install with same users database
  22. Dynamic data in `wp_register_script` needed
  23. “MySQL server has gone away” since update to 3.8
  24. WordPress page title repeated in SOME pages
  25. Updating all rows of table with $wpdb
  26. What actions affect files, DB, or both?
  27. Cannot unserialize WordPress serialized values in `wp_options` table?
  28. Is $wpdb->prepare escaping to much? How to use it properly?
  29. How to log database changes during an upgrade?
  30. Using same database for main and subdomain
  31. What is stored in the webserver? (Separated Database)
  32. Remove database entries where post_date > expiration date
  33. Installation with sql server express edition
  34. Emojis getting converted to “?”
  35. Building a Scalable Resiliant WP Setup
  36. Single database for multiple instances
  37. Get all tags not just first 10 with wp api 2.0
  38. Should non-WordPress data get its own DB?
  39. Search and replace special characters (å,ä,ö) for image attachments only in database
  40. Accidentally deleted active_plugins portion of the wp_options DB table
  41. Automate dir and DB stack creation with WP-CLI
  42. delete post meta from db, even if does not exist?
  43. In what part of the WordPress core does the users table and usermeta table get joined?
  44. WordPress and MySQL: how to transfer Meta_key and Meta_Value from one post_id to another
  45. Output custom content not from the posts table?
  46. Reducing Database Query Time
  47. How can I get my wordpress password from an SQL file?
  48. Create table from array with prepare
  49. Migrate database between 2 different wordpress version
  50. Is there an atomic way to update_option in WordPress (to ensure data integrity)?
  51. Form that sends data to an admin panel and can export it
  52. All text disappeared (seems to be a database problem) [closed]
  53. Convert user passwords to MD5?
  54. is wordpress stores Role Id in WP database?
  55. Why do database examples sometimes finish with an add_option call?
  56. Upload media only to DB
  57. How to backup my site and restore my wordpress site
  58. How and where is wordpress adding mySQL content to database?
  59. restore a db after bad backup
  60. How get Data form wordpress database as array not stdclass?
  61. cannot connect database
  62. How to delete a particular row in a database table
  63. Brandoo WordPress Unable to Update to WordPress 4.2.2
  64. Connecting to wordpress database in my application [closed]
  65. Is it good practice to import/export a blog to test a redesign?
  66. change the year on all of my custom post types?
  67. How do I have a user upload a blog post and then retrieve that to display in a card on the site?
  68. Delete user with only subscriber role
  69. WordPress keeps redirecting to localhost
  70. get value from ‘terms’ table
  71. custom tables in wordpress Database? (can i just create them with sql?)
  72. New installation fatal error in 5.9.3 at edit or create entry
  73. Storing transients giving database error
  74. How to rename custom table name programatically in wordpress?
  75. Displaying requested data from a the database in wordpress
  76. Accidently changed the GUID
  77. pre_get_posts causings DB error when using ( ‘posts_per_page’, -1)?
  78. generate PDF from member information
  79. Is it safe to add INDEX to a column in WordPress database?
  80. Help posting values to DB on submit using $wpdb->query
  81. Restore Old Database Over Newer WP & Plugin Files
  82. wpdb query to insert images in to post/page gallery
  83. Creating a database in my plugin not working
  84. How to create index (sql) to a meta_key?
  85. Not sure what to do next to optimize
  86. Database structure for thousands of posts
  87. get_user_meta and umeta_id
  88. $wpdb not working
  89. Accessing content from third party as native posts in WordPress
  90. Extracted CSV as Array for Custom Query Loop
  91. Hang Up Followed By Can’t select database
  92. One WP Database outside localhost and two connections
  93. Send data to database after redirect (and popping out of iframe)
  94. Fetch data from another site, but the same database
  95. Simple email input store in database
  96. Every time I update or install a plugin I get “Error Establishing a Database Connection in WordPress”
  97. $wpdb->insert not working for last select option
  98. How to create a table [closed]
  99. Upload wordpress from localhost to 000webhost
  100. Query a meta key using an array of values where the database value is a string