Can my site be compromised by database credentials?

  • Sudais Asif

    (@sudais299)


    7 years, 8 months ago

    Hi there, If the database credentials of my website can be seen by going to a specific url in the site, can someone gain access to my site only by that without any CPanel or hosting login credentials?

    Please let me know to assess how vulnerable a site is this way.

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    7 years, 8 months ago

    If the database credentials of my website can be seen

    Yes, that’s bad. The database credentials should never be public. If they are, make sure that is stopped and change those credentials right now.

    Thread Starter Sudais Asif

    (@sudais299)

    7 years, 8 months ago

    Hi Jan,Thank you for the answer.

    I wanted to specifically know that although it does pose a security risk, can it be used to compromise my website?

    For example, I tried it on a site but without CPanel & the hosting account login details, couldn’t find a way to the site.

    So is access possible or not?If not, what are the other security risks?

    I appreciate your help!

    Best Regards,
    Sudais A.

    Achyuth Ajoy

    (@achyuthajoy)

    7 years, 8 months ago

    Hi Sudais,
    A hacker could compromise your website & database by scanning your website for breaches in security and utilizing it to gain access to your website’s files. Public visibility of DB credentials would make his job easier.

    Like @jdembowski said, stop public visibility & change database credentials.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Can my site be compromised by database credentials?’ is closed to new replies.