vBulletin LTS

Back to vBulletin 3 Articles

A mere config.php encoding is useless
by Milad 05 Jun 2006
Some developers say: "To protect yourself from hackers attacks, encode your config.php" and some other advices.

The mere encoding that is applied to config.php isn't enough.

Because if the hacker has the ability to (create or edit) and excute php files on your filesystem, he would be able to read your config.php variables even if config.php is encoded.

This is very simple and powerful script, it reads your encoded config.php, treats the $config array, and dissplays the variables in nice table.

PHP Code:
// HERE IS THE PATH TO CONFIG.PHP
include('./354/includes/config.php');

echo '<table cellspacing="0" cellpadding="3" align="center" width="500" style="background: #D1D1E1; color: #000000; border: 1px solid #0B198C;">';

foreach ($config as $key => $value)
{
    echo '<tr><td colspan="2" align="center" style="background: #5C7099; color: #FFFFFF; font: bold 10pt verdana, geneva;">' $key '</td></tr>';

    foreach ($value as $key2 => $value2)
    {
        echo '<tr><td width="50%" style="background: #E1E4F2; color: #000000;">' $key2 '</td><td width="50%" style="background: #F5F5FF; color: #000000;">' . ($value2 $value2 '&nbsp;') . '</td></tr>';
    }
}

echo '</table>'
The output will be like this:

&d=1149521550" rel="Lightbox_999244" id="attachment48895

This doesn't mean that vBulletin is insecure, this can be applied to any script.

The solution is at your host, so choose an excellent host.

Don't forget to protect your directories.

vblts.ru supports vBulletin®, 2022-2024