

CarbonHire.com – DB Details - it200219
http://www.carbonhire.com/
They sent me an email. I don't know, even the unsubscribe page is not working; to my surprise I can see all the DB details over here. Tears in my eyes on seeing these details exposed to the public.

<code>
<?php

define('CRONJOB', TRUE);
include("index.php");

$email = isset($_GET['email']) ? $_GET['email'] : "";
$hash = md5("carbon".$email);
setcookie("guid", $hash, time() + (10 * 365 * 24 * 60 * 60), "/", "carbonhire.com");
//print_r($_COOKIE);
header("Location: http://hastrk1.com/serve?action=click&publisher_id=59998&site_id=47256&offer_id=274954", true, 302);

$link = mysql_connect('geniushire-real-1.cbuqrrbjabbr.us-east-1.rds.amazonaws.com', 'geniushire', ';kcvGayqe05t4!?');
if (!$link) {
    die('Could not connect: ' . mysql_error());
}

mysql_select_db("geniushire_real_new", $link) or die('Could not select database.');
$sql = "UPDATE gh_central SET cookie_id = '".$hash."' WHERE email = '".$email."'";
if($email != ""){
    $sql = "UPDATE gh_central SET cookie_id = '".$hash."' WHERE email = '".$email."'";
    $r = mysql_query($sql);
}
?>
</code>

